Bug 725118

Summary:	dev-db/sqlite: Multiple vulnerabilities (CVE-2020-{13434,13435})
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED DUPLICATE
Severity:	normal	CC:	allenwebb, arfrever.fta, floppym
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Sam James archtester

2020-05-24 22:55:53 UTC

* CVE-2020-13434

Description:
"SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c."

Patch: https://www.sqlite.org/src/info/23439ea582241138
Patch: https://www.sqlite.org/src/info/d08d3405878d394e 

* CVE-2020-13435

Description:
"SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c."

Patch: https://www.sqlite.org/src/info/7a5279a25c57adf1

Comment 1 Sam James archtester

2020-05-24 22:56:50 UTC

@maintainer(s), you may want to apply these patches before we go through the stable routine for bug 716748. Please let us know what you plan to do?

Comment 2 Arfrever Frehtes Taifersar Arahesis 2020-06-03 04:57:37 UTC

(In reply to Sam James (sec padawan) from comment #0)
> * CVE-2020-13434
> 
> Description:
> "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in
> printf.c."
> 
> Report: https://sqlite.org/src/info/23439ea582241138
> Commit: https://sqlite.org/src/info/d08d3405878d394e

This commit is included in SQLite 3.32.1.

> * CVE-2020-13435
> 
> Description:
> "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in
> expr.c."
> 
> Report: https://sqlite.org/src/info/7a5279a25c57adf1
> Commit: https://sqlite.org/src/info/572105de1d44bca4

This commit is included in SQLite 3.32.1.

Comment 3 Arfrever Frehtes Taifersar Arahesis 2020-06-03 05:05:09 UTC


*** This bug has been marked as a duplicate of bug 716748 ***