Summary: | <dev-db/sqlite-3.31.1: NULL pointer dereference and segmentation fault because of generated column optimizations (CVE-2020-9327) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | arfrever.fta, floppym, ua_gentoo_bugzilla |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
dev-db/sqlite-3.31.1
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 717802 |
Description
Agostino Sarubbo
2020-03-04 16:09:38 UTC
Other security-related fixes useful for backporting: https://sqlite.org/cgi/src/info/5aeb5a2d295e10d5 "Fix a potential NULL pointer dereference following OOM. Problem discovered by dbsqlfuzz. Test case in TH3." https://sqlite.org/cgi/src/info/a67cf5b7d37d5b14 "Early-out on the INTERSECT query processing following an out-of-memory error. This fixes a potential null pointer dereference found by sakura(@eternalsakura13) of Alpha Team, Qihoo 360." https://sqlite.org/cgi/src/info/14d14eb537075c6a "Add test case for previous commit." https://sqlite.org/cgi/src/info/c431b3fd8fd0f6a6 "Fix a problem with ALTER TABLE for views that have a nested FROM clause. Ticket [f50af3e8a565776b]." (Referenced ticket (https://sqlite.org/cgi/src/info/f50af3e8a565776b) is about out-of-bounds memory access.) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f97d093bbdf3d3b6057a3743c4f9f541e51fd435 commit f97d093bbdf3d3b6057a3743c4f9f541e51fd435 Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> AuthorDate: 2020-03-09 16:30:41 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2020-03-09 19:26:42 +0000 dev-db/sqlite: Security fixes. Bug: https://bugs.gentoo.org/711526 Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> Signed-off-by: Mike Gilbert <floppym@gentoo.org> ...sqlite-3.31.1-full_archive-security_fixes.patch | 163 +++++++++++++++++++++ ...ite-3.31.1-nonfull_archive-security_fixes.patch | 112 ++++++++++++++ dev-db/sqlite/sqlite-3.31.1.ebuild | 2 + 3 files changed, 277 insertions(+) sparc stable ppc stable ppc64 stable ia64 stable arm64 stable s390 stable arm stable New GLSA request filed. This issue was resolved and addressed in GLSA 202003-16 at https://security.gentoo.org/glsa/202003-16 by GLSA coordinator Thomas Deutschmann (whissi). Re-opening for remaining architectures. hppa stable SuperH port disbanded. @m68k: ping m68k dropped stable keywords @maintainer(s), please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=266adc0dd4ef16721ec51ffdc69df7325f6824fb commit 266adc0dd4ef16721ec51ffdc69df7325f6824fb Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-23 14:44:23 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-23 14:44:23 +0000 dev-db/sqlite: security cleanup Bug: https://bugs.gentoo.org/711526 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-db/sqlite/Manifest | 6 - dev-db/sqlite/sqlite-3.29.0.ebuild | 395 ------------------------------------- dev-db/sqlite/sqlite-3.30.1.ebuild | 388 ------------------------------------ 3 files changed, 789 deletions(-) Repository is clean, all done. |