-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3107-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb September 13, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : sqlite3 Version : 3.27.2-3+deb10u2 CVE IDs : CVE-2020-35525 CVE-2020-35527 CVE-2021-20223 It was discovered that there were three issues in SQLite: * CVE-2020-35525: Prevent a potential null pointer deference issue in INTERSEC query processing. * CVE-2020-35527: Prevent an out-of-bounds access issue that could be exploited via ALTER TABLE in views that have a nested FROM clauses. * CVE-2021-20223: Prevent an issue with the "unicode61" tokenizer related to Unicode control characters ("class Cc") and embedded NUL characters being misinterpreted as tokens. For Debian 10 buster, these problems have been fixed in version 3.27.2-3+deb10u2. We recommend that you upgrade your sqlite3 packages. For the detailed security status of sqlite3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sqlite3 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmMgkh0ACgkQHpU+J9Qx HljR/A//YgkPQl/Rn2CXL+swtj7b7vNO/WZNAqHOLu63m2nEUdcTv0Tpj2ly0tSf 6XuL3xFkrnuy/0tCdd+EuFW7vsY7hzEwiingAdLDcgfXd4F+WFgk9ZfFRnB0RxEg yhfp0qELKTLajrAxge0gEVZuzaXTfGymaBF3SVzmpDJ0AIpIth8eRn4Ooe5rpMCk t6qK5ao4t6kjMqzIyjdmzIGktOft5GsoOvU5zNurmExRs2vhHiUGQVH5ycx9pCoI 7CFQQzGtFsRugQlbO73usO2B12N19yLrStf8/VCuGpzcGnhPFGpv900Ssey0Lh8R st9tf6N/FRZwqcrvRc/peHcgenGSEI2lsTpW7JJt+vYtP+YXUh8Vii1ve257GFe+ KMBuVNKDcxOaFwf6Wc/Uhrixe6+tZZIuQIVQF2iEeFDWHv8viwlQgJDPVQpfjBu6 YVgrQjAwkSZYvXXi7zXvSvvci8QVNGUJyYnov/oqxuju+M3eERTGZpuzoxfDAWnA ifD7O0hFRko9VDuF4aoK/tuJbyu34ys0LALOY7AFsqh2Mlj7bzRZxKEAM6TOgWr7 FIaEQgu1LsSiuuyF35673cuGPZwf+sWggC/RVh8WQFzRYuJEseMqWrACOUJ/wcNV 2YsRXmKY1o6W2PGogKwxwvordC35NTswksHfU1RMmZmNiTO1q8E= =w87F -----END PGP SIGNATURE-----