From https://bugzilla.redhat.com/1809315 :
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
References:
https://www.sqlite.org/cgi/src/info/4374860b29383380
https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Other security-related fixes useful for backporting:
https://sqlite.org/cgi/src/info/5aeb5a2d295e10d5
  "Fix a potential NULL pointer dereference following OOM. Problem discovered by dbsqlfuzz. Test case in TH3."
https://sqlite.org/cgi/src/info/a67cf5b7d37d5b14
  "Early-out on the INTERSECT query processing following an out-of-memory error. This fixes a potential null pointer dereference found by sakura(@eternalsakura13) of Alpha Team, Qihoo 360."
https://sqlite.org/cgi/src/info/14d14eb537075c6a
  "Add test case for previous commit."
https://sqlite.org/cgi/src/info/c431b3fd8fd0f6a6
  "Fix a problem with ALTER TABLE for views that have a nested FROM clause. Ticket [f50af3e8a565776b]."
  (Referenced ticket (https://sqlite.org/cgi/src/info/f50af3e8a565776b) is about out-of-bounds memory access.)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f97d093bbdf3d3b6057a3743c4f9f541e51fd435
commit f97d093bbdf3d3b6057a3743c4f9f541e51fd435
Author:     Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
AuthorDate: 2020-03-09 16:30:41 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-03-09 19:26:42 +0000
    dev-db/sqlite: Security fixes.
    Bug: https://bugs.gentoo.org/711526
    Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
 ...sqlite-3.31.1-full_archive-security_fixes.patch | 163 +++++++++++++++++++++
 ...ite-3.31.1-nonfull_archive-security_fixes.patch | 112 ++++++++++++++
 dev-db/sqlite/sqlite-3.31.1.ebuild | 2 +
 3 files changed, 277 insertions(+)
sparc stable
ppc stable
ppc64 stable
ia64 stable
arm64 stable
s390 stable
arm stable
New GLSA request filed.
This issue was resolved and addressed in GLSA 202003-16 at https://security.gentoo.org/glsa/202003-16 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architectures.
hppa stable
SuperH port disbanded.
@m68k: ping
m68k dropped stable keywords
@maintainer(s), please cleanup
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=266adc0dd4ef16721ec51ffdc69df7325f6824fb
commit 266adc0dd4ef16721ec51ffdc69df7325f6824fb
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-04-23 14:44:23 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-04-23 14:44:23 +0000
    dev-db/sqlite: security cleanup
    Bug: https://bugs.gentoo.org/711526
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
 dev-db/sqlite/Manifest | 6 -
 dev-db/sqlite/sqlite-3.29.0.ebuild | 395 -------------------------------------
 dev-db/sqlite/sqlite-3.30.1.ebuild | 388 ------------------------------------
 3 files changed, 789 deletions(-)
Repository is clean, all done.