CVE-2019-9937 (https://nvd.nist.gov/vuln/detail/CVE-2019-9937): In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

CVE-2019-9936 (https://nvd.nist.gov/vuln/detail/CVE-2019-9936): In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
Upstream fixes:
CVE-2019-9937: https://sqlite.org/src/info/45c73deb440496e8
CVE-2019-9936: https://sqlite.org/src/info/b3fa58dd7403dbd4
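Both CVEs above require the fts5 extension and are reported against SQLite 3.27.2, with the fixes carried in 3.28.0. A small applicability check along those lines, written as an added example for this thread (it is not code from the bug report or from SQLite): it reads the version and `PRAGMA compile_options` of the SQLite library linked into the running Python interpreter and reports whether that library matches the affected version with fts5 compiled in. The version numbers are the ones named in this thread; versions the thread does not mention are deliberately not classified.

```python
"""Applicability check for CVE-2019-9936 / CVE-2019-9937 (fts5, SQLite 3.27.2).

Added example for this bug thread, not part of the Gentoo bug or of SQLite.
Affected version (3.27.2) and fixed release (3.28.0) are taken from the thread;
fts5 presence is read from the standard PRAGMA compile_options output, which
lists options without the SQLITE_ prefix (e.g. "ENABLE_FTS5").
"""
import sqlite3
from typing import Iterable, List, Tuple

# Affected version per the NVD entries quoted in the bug report.
AFFECTED_VERSION = (3, 27, 2)
# First release carrying the upstream fixes, per the bug report.
FIXED_VERSION = (3, 28, 0)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.27.2' into (3, 27, 2); tolerate a suffix such as the Gentoo '3.28.0-r1'."""
    core = text.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def fts5_enabled(compile_options: Iterable[str]) -> bool:
    """True if ENABLE_FTS5 appears among the PRAGMA compile_options rows."""
    return any(opt.upper() == "ENABLE_FTS5" for opt in compile_options)


def is_affected(version: Tuple[int, ...], compile_options: Iterable[str]) -> bool:
    """Both CVEs need fts5, and the thread names only 3.27.2 as affected.

    Versions the thread does not mention are reported as not affected here
    rather than guessed at; compare against FIXED_VERSION separately.
    """
    return version == AFFECTED_VERSION and fts5_enabled(compile_options)


def runtime_compile_options(conn: sqlite3.Connection) -> List[str]:
    """Read the compile options of the loaded library (real query, works offline)."""
    return [row[0] for row in conn.execute("PRAGMA compile_options")]


def check_runtime() -> dict:
    """Inspect the SQLite library linked into this Python interpreter."""
    conn = sqlite3.connect(":memory:")
    try:
        version = parse_version(sqlite3.sqlite_version)
        opts = runtime_compile_options(conn)
    finally:
        conn.close()
    return {
        "version": sqlite3.sqlite_version,
        "fts5": fts5_enabled(opts),
        "affected": is_affected(version, opts),
        "at_or_after_fixed_release": version >= FIXED_VERSION,
    }


if __name__ == "__main__":
    print(check_runtime())
```

On a Gentoo system the same check can be pointed at the packaged library by running it under the system Python; a build without `ENABLE_FTS5` in its compile options is not exposed to either CVE regardless of version.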
I am aware of the release of SQLite 3.28.0, but there are several problems:
- Test failures with USE="icu", now fixed: https://marc.info/?t=155623583500001&r=1&w=2
- Segmentation fault triggered by test suite (on x86_64, seemingly not on x86_32), investigation ongoing
- Some incompatible change in behavior of fts3_tokenizer() function, potentially breaking some reverse dependencies
(In reply to Arfrever Frehtes Taifersar Arahesis from comment #2)
> - Segmentation fault triggered by test suite

This problem is now fixed:
https://marc.info/?t=155678524000002&r=1&w=2
https://sqlite.org/src/info/c509d8a8aebe0da4
dev-db/sqlite-3.28.0 is now in the tree. Security fixes made after the release of 3.28.0 have been backported:
- https://sqlite.org/src/info/b2ce5ed175cb5029 2019-04-22 11:47:40 "Fix an assert() that may be false for corrupt databases."
- https://sqlite.org/src/info/6e4a5f22811bcd14 2019-04-24 15:13:02 "Fix an error in fts3_write.c allowing a corrupt database to cause a crash."
- https://sqlite.org/src/info/516ca8945150bdc1 2019-04-24 15:57:25 "Fix a problem in fts5 where a corrupt position list could lead to a buffer overwrite."
- https://sqlite.org/src/info/e1724f1d618cfbcf 2019-04-24 16:13:52 "Fix another instance in fts3 where a corrupt record can cause a buffer overflow."
- https://sqlite.org/src/info/c621fc668c6538f9 2019-04-29 11:27:58 "Fix a stack overflow that could occur when renaming a table that has a trigger containing a window function invocation that itself contains a specific syntax error."
- https://sqlite.org/src/info/c509d8a8aebe0da4 2019-05-02 15:56:39 "Earlier detection of a database corruption case in balance_nonroot(), to prevent a possible use of an uninitialized variable."
- https://sqlite.org/src/info/a9b90aa12eecdd9f 2019-05-03 18:50:24 "Fix a memory-leak/segfault caused by using OP_OpenDup and OP_OpenEphemeral on the same VM cursor."

(Waiting some time for sufficient testing of reverse dependencies before starting stabilization.)
Stabilization will happen in bug 685838.
This issue was resolved and addressed in GLSA 201908-09 at https://security.gentoo.org/glsa/201908-09 by GLSA coordinator Aaron Bauman (b-man).