* CVE-2020-13434 Description: "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c." Patch: https://www.sqlite.org/src/info/23439ea582241138 Patch: https://www.sqlite.org/src/info/d08d3405878d394e * CVE-2020-13435 Description: "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c." Patch: https://www.sqlite.org/src/info/7a5279a25c57adf1
@maintainer(s), you may want to apply these patches before we go through the stable routine for bug 716748. Please let us know what you plan to do?
(In reply to Sam James (sec padawan) from comment #0) > * CVE-2020-13434 > > Description: > "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in > printf.c." > > Report: https://sqlite.org/src/info/23439ea582241138 > Commit: https://sqlite.org/src/info/d08d3405878d394e This commit is included in SQLite 3.32.1. > * CVE-2020-13435 > > Description: > "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in > expr.c." > > Report: https://sqlite.org/src/info/7a5279a25c57adf1 > Commit: https://sqlite.org/src/info/572105de1d44bca4 This commit is included in SQLite 3.32.1.
*** This bug has been marked as a duplicate of bug 716748 ***