
Bug#864088: unblock (pre-approval): sqlite3/3.6.12-4



Control: tags -1 - moreinfo

Hi

On Sun, Jun 04, 2017 at 11:20:00AM +0000, Niels Thykier wrote:
> Control: tags -1 confirmed moreinfo
> 
> László Böszörményi (GCS):
> > Package: release.debian.org
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> > 
> > Hi Release Team,
> > 
> > I would like to upload a security-related update for sqlite3. It contains:
> > - Prevent a possible NULL pointer dereference in the OP_Found opcode
> > that can follow an OOM error. Problem found by OSS-Fuzz[1],
> > - Stack overflow while parsing deeply nested JSON[2],
> > - JSON allows unescaped control characters in strings[3],
> > - JSON extension accepts invalid numeric values[4].
> > 
> > Upstream tagged these as 'code defect' and severity 'severe'. The
> > changes themselves are small and the 3.19.2-1 version in experimental
> > contains these fixes.
> > 
> > Debdiff is attached. Thanks for consideration.
> > 
> > Regards,
> > Laszlo/GCS
> > [1] http://www.sqlite.org/src/info/c2de178fe7e2e4e0
> > [2] https://www.sqlite.org/src/info/981329adeef51011052
> > [3] https://www.sqlite.org/src/info/6c9b5514077fed34551
> > [4] https://www.sqlite.org/src/info/b93be8729a895a528e2
> > 
> 
> Ack, please go ahead.  Given the deadlines for migration, ideally this
> upload is completed no later than Monday.

Removing the moreinfo tag, since uploaded and built on all release
architectures afaics.

Regards,
Salvatore

