Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 549258 - <dev-db/sqlite-3.8.10: two read heap overflows (CVE requested)
Summary: <dev-db/sqlite-3.8.10: two read heap overflows (CVE requested)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://seclists.org/fulldisclosure/20...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-12 12:18 UTC by Hanno Böck
Modified: 2017-01-14 14:32 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2015-05-12 12:18:18 UTC 
See here:
https://blog.fuzzing-project.org/10-Two-invalid-read-errors-heap-overflows-in-SQLite-TFPA-0062015.html

Two minor security issues in sqlite, fixed in the latest version 3.10.1. The release notes say:
"Fix many obscure problems discovered while SQL fuzzing."
https://sqlite.org/releaselog/3_8_10_1.html

So this probably means there are more issues than the two I reported.

Maintainers, please bump.
Comment 1 Arfrever Frehtes Taifersar Arahesis 2015-05-12 15:10:54 UTC 
Stabilize dev-db/sqlite-3.8.10.1.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-05-13 05:53:05 UTC 
Stable for HPPA PPC64.
Comment 3 Agostino Sarubbo gentoo-dev 2015-05-13 07:57:02 UTC 
amd64 stable
Comment 4 Pacho Ramos gentoo-dev 2015-05-15 11:55:54 UTC 
ppc stable
Comment 5 Jack Morgan (RETIRED) gentoo-dev 2015-05-15 23:55:42 UTC 
ia64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2015-05-19 07:26:34 UTC 
x86 stable
Comment 7 Matt Turner gentoo-dev 2015-05-20 01:59:15 UTC 
alpha stable
Comment 8 Agostino Sarubbo gentoo-dev 2015-05-27 13:02:35 UTC 
arm stable
Comment 9 Jack Morgan (RETIRED) gentoo-dev 2015-06-02 05:24:21 UTC 
sparc stable
Comment 10 Arfrever Frehtes Taifersar Arahesis 2015-06-04 07:00:41 UTC 
Vulnerable <dev-db/sqlite-3.8.10 dropped.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2016-12-08 13:11:20 UTC 
This issue was resolved and addressed in
 GLSA 201612-21 at https://security.gentoo.org/glsa/201612-21
by GLSA coordinator Aaron Bauman (b-man).