Summary: | <dev-db/sqlite-3.32.3-r1: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Arfrever Frehtes Taifersar Arahesis <arfrever.fta> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | floppym |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | B3 [noglsa] | ||
Package list: |
dev-db/sqlite-3.32.3-r1
|
Runtime testing required: | --- |
Description
Arfrever Frehtes Taifersar Arahesis
2020-07-14 20:04:53 UTC
> Commit (trunk): https://sqlite.org/src/info/28515bbbae4fbc26 > 2020-07-23 13:45:47 > "Fix another case where a corrupt record could cause an assert() to fail in fts3." > Commit (trunk): https://sqlite.org/src/info/892e9191dc8f8056 > 2020-07-24 09:14:44 > "Fix pointer aliasing problem in the in-memory journal code. Ref: forum post d44eb2fc44" > Commit (trunk): https://sqlite.org/src/info/270ac1a0f232d755 > 2020-07-24 09:17:42 > "Fix other potentiall pointer aliasing problems associated with subclassing of the sqlite3_file object for various VFS implementations." > Commit (trunk): https://sqlite.org/src/info/d48af4d2cfff3d5f > 2020-06-08 14:43:41 > "Fix a case where a corrupted fts3 record could cause an assert() failure, or spurious SQLITE_NOMEM error in builds with assert() disabled." > Commit (trunk): https://sqlite.org/src/info/14eed318aa9e6e16 > 2020-07-21 18:25:19 > "Add the sqlite3Int64ToText() routine and use it to convert integers to text, as it is much faster than the generic text formatter." > Commit (trunk): https://sqlite.org/src/info/9679c0c61131f0e9 > 2020-07-21 18:36:06 > "Work-around for GCC bug 96270." > https://sqlite.org/forum/forumpost/54e1773c0c The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd5e959e06f605b7caa81d8f44ae7b83f98440fb commit dd5e959e06f605b7caa81d8f44ae7b83f98440fb Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> AuthorDate: 2020-07-27 00:00:00 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2020-07-29 18:46:04 +0000 dev-db/sqlite: Security fixes and other fixes (3.32.3-r1). Bug: https://bugs.gentoo.org/732604 Closes: https://bugs.gentoo.org/685874 Closes: https://bugs.gentoo.org/733092 Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> Signed-off-by: Mike Gilbert <floppym@gentoo.org> .../sqlite/files/sqlite-3.32.3-backports_1.patch | 361 +++++++++++++++++++++ .../sqlite/files/sqlite-3.32.3-backports_2.patch | 302 +++++++++++++++++ .../sqlite/files/sqlite-3.32.3-backports_3.patch | 220 +++++++++++++ dev-db/sqlite/sqlite-3.32.3-r1.ebuild | 339 +++++++++++++++++++ 4 files changed, 1222 insertions(+) Let us know when ready to stable. Nothing here looks critical from a security perspective, although there's some important integrity fixes it seems. Let me know if you disagree, of course. arm stable sparc stable arm64 stable s390 stable hppa stable ppc stable ppc64 stable. Maintainer(s), please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=022a6609aaf851c09482de563a692407b4a4a472 commit 022a6609aaf851c09482de563a692407b4a4a472 Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> AuthorDate: 2020-09-14 11:00:00 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2020-09-15 18:33:39 +0000 dev-db/sqlite: Delete old version (3.32.3). Bug: https://bugs.gentoo.org/732604 Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> Signed-off-by: Mike Gilbert <floppym@gentoo.org> .../files/sqlite-3.32.3-security_fixes.patch | 146 --------- dev-db/sqlite/sqlite-3.32.3.ebuild | 340 --------------------- 2 files changed, 486 deletions(-) Thank you! |