CVE-2021-20227 (https://bugzilla.redhat.com/show_bug.cgi?id=1924886): A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. Fixed in 3.34.1, please bump.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=132acb75720c31a40559b2d9e279182318b8eb4b
commit 132acb75720c31a40559b2d9e279182318b8eb4b
Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
AuthorDate: 2021-03-25 00:00:00 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2021-03-26 14:38:01 +0000
    dev-db/sqlite: Version bump (3.34.1).
    Bug: https://bugs.gentoo.org/777990
    Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
 dev-db/sqlite/Manifest | 2 +
 dev-db/sqlite/files/sqlite-3.34.1-build_1.1.patch | 375 ++++++++++++++++
 dev-db/sqlite/files/sqlite-3.34.1-build_1.2.patch | 500 ++++++++++++++++++++++
 dev-db/sqlite/files/sqlite-3.34.1-build_2.1.patch | 291 +++++++++++++
 dev-db/sqlite/files/sqlite-3.34.1-build_2.2.patch | 441 +++++++++++++++++++
 dev-db/sqlite/sqlite-3.34.1.ebuild | 427 ++++++++++++++++++
 6 files changed, 2036 insertions(+)
Please cleanup.
(In reply to John Helmert III from comment #2)
> Please cleanup.
No, that's wrong. Ready to stabilize for other arches?
ppc64 done
ppc done
arm64 done
sparc done
arm done
hppa stable
New GLSA request filed.
s390 stable. Maintainer(s), please cleanup.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=648611c35f8bdad94062e54b39cdffc63acc0a50
commit 648611c35f8bdad94062e54b39cdffc63acc0a50
Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
AuthorDate: 2021-04-01 22:00:00 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2021-04-02 15:00:48 +0000
    dev-db/sqlite: Delete old versions (3.33.0, 3.34.0).
    Bug: https://bugs.gentoo.org/777990
    Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
 dev-db/sqlite/Manifest | 4 -
 dev-db/sqlite/files/sqlite-3.33.0-build_1.1.patch | 413 ------------------
 dev-db/sqlite/files/sqlite-3.33.0-build_1.2.patch | 422 ------------------
 dev-db/sqlite/files/sqlite-3.33.0-build_2.1.patch | 286 -------------
 dev-db/sqlite/files/sqlite-3.33.0-build_2.2.patch | 434 -------------------
 dev-db/sqlite/files/sqlite-3.34.0-build_1.1.patch | 375 ----------------
 dev-db/sqlite/files/sqlite-3.34.0-build_1.2.patch | 500 ----------------------
 dev-db/sqlite/files/sqlite-3.34.0-build_2.1.patch | 291 -------------
 dev-db/sqlite/files/sqlite-3.34.0-build_2.2.patch | 441 -------------------
 dev-db/sqlite/sqlite-3.33.0.ebuild | 374 ----------------
 dev-db/sqlite/sqlite-3.34.0.ebuild | 434 -------------------
 11 files changed, 3974 deletions(-)
Package list is empty or all packages have requested keywords.
GLSA request filed
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=b966ebfc6ef872316dabbe9fe102bd7f47faadb1
commit b966ebfc6ef872316dabbe9fe102bd7f47faadb1
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 20:24:49 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 20:25:51 +0000
    [ GLSA 202210-40 ] SQLite: Multiple Vulnerabilities
    Bug: https://bugs.gentoo.org/777990
    Bug: https://bugs.gentoo.org/863431
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>
 glsa-202210-40.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
GLSA released, all done!