Bug 578940 - <dev-db/sqlite-3.12.0: Buffer overread, buffer overflow, integer overflow
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Reported: 2016-04-03 16:41 UTC by Arfrever Frehtes Taifersar Arahesis
Modified: 2017-01-14 14:32 UTC
Description Arfrever Frehtes Taifersar Arahesis 2016-04-03 16:41:56 UTC
https://sqlite.org/src/info/424b7aee3310b978
2016-02-26 16:03:29
"Fix the ICU extension LIKE function so that it does not read past the end of a buffer if it is passed malformed utf-8."

https://sqlite.org/src/info/b8dc1b9f5d413000
2016-02-26 21:20:57
"Fix a potential buffer overflow in the ICU upper() function."

https://sqlite.org/src/info/ff1b1ac3313ba9d7
2016-03-22 14:10:45
"Avoid the possibility of integer overflow on a pointer comparison test for corruption in the database file."
Comment 1 Arfrever Frehtes Taifersar Arahesis 2016-04-03 16:46:06 UTC
Stabilize dev-db/sqlite-3.12.0.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-04-04 04:45:11 UTC
Stable for HPPA PPC64.
Comment 3 Agostino Sarubbo gentoo-dev 2016-04-08 12:22:38 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-04-11 10:40:56 UTC
x86 stable
Comment 5 Markus Meier gentoo-dev 2016-04-19 15:46:27 UTC
arm stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2016-05-20 15:22:17 UTC
Stable on alpha.
Comment 7 Agostino Sarubbo gentoo-dev 2016-07-08 07:54:14 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2016-07-08 10:02:16 UTC
sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-07-08 12:02:45 UTC
ia64 stable
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2016-07-09 02:46:34 UTC
Removing unstable arches.

@maintainer(s), please clean up the vulnerable ebuilds. Considering this is a proxy-maint package, please let us know if you need assistance.
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2016-07-17 10:29:31 UTC
Cleaned:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1114f6b96873bd512195df76559b128a1ae2dfb

GLSA Vote: No.