According to that blog post, 3.8.9 fixes all of them. The changelog doesn't mention most of them, but has this:
"Fix a potential 32-bit integer overflow problem in the sqlite3_blob_read() and sqlite3_blob_write() interfaces."
http://www.securityfocus.com/archive/1/535269 has more information on the potentials.
Changing to B2
Anyway, long story short, I recently reported around 22 bugs in the
query parser, including the use of uninitialized memory when parsing
...and bad free():
...and a stack buffer overflow:
I did some more fuzzing on sqlite and upstream fixed the issues quickly:
Likely minor issues, but you may want to backport these for the update.
Arches, please test and mark stable:
Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Stable for HPPA.
Stable for PPC64.
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
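All three descriptions share one condition: the linked SQLite library is older than 3.8.9. The script below is an added example, not part of this bug report or of SQLite, for checking that condition on a host. It reads the version that Python's `sqlite3` module was linked against and compares it numerically, because a plain string comparison gets "3.8.10" versus "3.8.9" wrong. The `FIXED_VERSION` constant and the Gentoo-style "-r1" suffix handling are assumptions made for this example.

```python
"""Check whether the linked SQLite library predates the 3.8.9 fix release.

Added example (not from the bug report). The fix release comes from the
thread above; the tuple comparison avoids the lexicographic-string pitfall
where "3.8.10" < "3.8.9" evaluates to True.
"""
import re
import sqlite3

# Release the thread names as fixing the issues (assumption: compare against it).
FIXED_VERSION = (3, 8, 9)


def parse_version(version: str) -> tuple:
    """Turn '3.8.8.3' into (3, 8, 8, 3).

    A leading numeric run is taken from each dot-separated piece, so a
    distribution suffix such as '3.8.9-r1' (constructed sample) still parses
    as (3, 8, 9); parsing stops at the first piece without a leading number.
    """
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    if not parts:
        raise ValueError(f"unparseable SQLite version: {version!r}")
    return tuple(parts)


def is_vulnerable(version: str, fixed: tuple = FIXED_VERSION) -> bool:
    """True if `version` is numerically older than the fix release."""
    return parse_version(version) < fixed


def check_linked_library() -> dict:
    """Report the SQLite library the running interpreter is linked against."""
    version = sqlite3.sqlite_version
    return {"sqlite_version": version, "vulnerable": is_vulnerable(version)}


if __name__ == "__main__":
    # Example run on the current host; the result depends on the local library.
    print(check_linked_library())
```

Run it on each host that ships an application linked against SQLite; a `True` in the output means the library is older than the release the thread identifies as the fix and should be updated.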
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.
Maintainer(s), please drop the vulnerable version(s).
Vulnerable <dev-db/sqlite-3.8.9 dropped.
This issue was resolved and addressed in
GLSA 201507-05 at https://security.gentoo.org/glsa/201507-05
by GLSA coordinator Mikle Kolyada (Zlogene).