Your message dated Wed, 30 Aug 2017 21:40:03 +0000
with message-id <[email protected]>
and subject line Bug#873762: fixed in sqlite3 3.20.1-1
has caused the Debian Bug report #873762,
regarding sqlite3: CVE-2017-13685
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
873762: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873762
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sqlite3
Version: 3.8.7.1-1
Severity: normal
Tags: security upstream
Hi,
the following vulnerability was published for sqlite3, it's quite
minor since should be only a problem in the command-line shell
program.
CVE-2017-13685[0]:
| The dump_callback function in SQLite 3.20.0 allows remote attackers to
| cause a denial of service (EXC_BAD_ACCESS and application crash) via a
| crafted file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-13685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685
[1] https://sqlite.org/src/info/02f0f4c54f2819b3
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sqlite3
Source-Version: 3.20.1-1
We believe that the bug you reported is fixed in the latest version of
sqlite3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated sqlite3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 30 Aug 2017 21:01:11 +0000
Source: sqlite3
Binary: lemon sqlite3 sqlite3-doc libsqlite3-0-dbg libsqlite3-0 libsqlite3-dev
libsqlite3-tcl
Architecture: source amd64 all
Version: 3.20.1-1
Distribution: unstable
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
lemon - LALR(1) Parser Generator for C or C++
libsqlite3-0 - SQLite 3 shared library
libsqlite3-0-dbg - SQLite 3 debugging symbols
libsqlite3-dev - SQLite 3 development files
libsqlite3-tcl - SQLite 3 Tcl bindings
sqlite3 - Command line interface for SQLite 3
sqlite3-doc - SQLite 3 documentation
Closes: 873762
Changes:
sqlite3 (3.20.1-1) unstable; urgency=medium
.
* New upstream release.
* Backport fix for CVE-2017-13685, '.dump' command crashes following
PRAGMA empty_result_callbacks=1 (closes: #873762).
Checksums-Sha1:
b260332b0ea749c8c37c4929fa36c6288876317b 2473 sqlite3_3.20.1-1.dsc
4ca433a635737aab1953a207259655ae2d220267 3485848 sqlite3_3.20.1.orig-www.tar.xz
e621aa1e898c1eddd9f5e5b10b22a7d88b01cd3f 5900940 sqlite3_3.20.1.orig.tar.xz
dd53ae06d477ede0ca3b54cf51476c76d169fdd5 17652 sqlite3_3.20.1-1.debian.tar.xz
129ccbdc270d2bbebb82f31cd3ba3822a5350d9d 146858 lemon_3.20.1-1_amd64.deb
f054e32d136c943d46e156944edbc71bc338f8e4 4451408
libsqlite3-0-dbg_3.20.1-1_amd64.deb
289712e05e4efcd9c09ab65a4a732c78a41d10fc 585166 libsqlite3-0_3.20.1-1_amd64.deb
b804b78986b61b08f3aca1417f9f6190a4b39d16 718450
libsqlite3-dev_3.20.1-1_amd64.deb
cbb22dc0d3222882a7e6cf8e8864215b032ec68f 115146
libsqlite3-tcl_3.20.1-1_amd64.deb
656fe00bb81b3e02b92bb4a86550f030e115ae6c 3610200 sqlite3-doc_3.20.1-1_all.deb
db8eef557559f3e29705b98b95eeecdcab3621d6 8084 sqlite3_3.20.1-1_amd64.buildinfo
11f83b83538dce1a6c9b937c5fd0d70e5bd69b8f 809868 sqlite3_3.20.1-1_amd64.deb
Checksums-Sha256:
f9d17a62dbf721057c9ca05bc37bd69e247f289ac7098ab5e98d1e51434dda8a 2473
sqlite3_3.20.1-1.dsc
c31a1ad382c331c0507a5992c6d1697450ffc3410209ae992ead1c34344b5654 3485848
sqlite3_3.20.1.orig-www.tar.xz
0ed8da87222d3e0d45afcd9dac3b91a453eee4ea6eaf1287b78a6f0fb5274437 5900940
sqlite3_3.20.1.orig.tar.xz
8c205983e0f7baf75419123093a42aac97c94e8454c0adf540838264604e04b3 17652
sqlite3_3.20.1-1.debian.tar.xz
2e43465d45eec992f7bc6adabe6e6c438bb35cd38f77e4a1d9dcc160d8bf57ac 146858
lemon_3.20.1-1_amd64.deb
9e4ae5f72205d756937a71f93a5b9b6cc9ab898ff78aa1785737ea9dd5068a0c 4451408
libsqlite3-0-dbg_3.20.1-1_amd64.deb
5953e00f958c15351ba811e9331455930dfbfab6616eabbd6ea563b386fbf8cc 585166
libsqlite3-0_3.20.1-1_amd64.deb
9e097fd51d05dd3f5fced2de99469583416564f7c4c80975bd68489bd68aee5c 718450
libsqlite3-dev_3.20.1-1_amd64.deb
9fa9ffa774f07168201c27cc1386f7c5824aa6b43436da0bebd3e268dd630a9c 115146
libsqlite3-tcl_3.20.1-1_amd64.deb
7a9e8a63e9a9d4aea35ad4f7252f7e33bc57740c7099e19642c7ef91578fea18 3610200
sqlite3-doc_3.20.1-1_all.deb
51c817453b39790d7c079d53ab8370032cfa4611672e8cb5685744b1fbab970c 8084
sqlite3_3.20.1-1_amd64.buildinfo
3c010f64ec6ef7977b5fb958e754dc7c2423cd9eab5ae96eaa7d78e1493a3271 809868
sqlite3_3.20.1-1_amd64.deb
Files:
a415638c444917cca5b5a5a72f59b42b 2473 devel optional sqlite3_3.20.1-1.dsc
e57fcd2b3085c63f5a3b68e05a6652de 3485848 devel optional
sqlite3_3.20.1.orig-www.tar.xz
aa6cbf0615870ab98a7bf9900e172837 5900940 devel optional
sqlite3_3.20.1.orig.tar.xz
9da45a97cfcdd9965e72103004527d96 17652 devel optional
sqlite3_3.20.1-1.debian.tar.xz
6bbba75d8beae65f816fa41e979c9322 146858 devel optional lemon_3.20.1-1_amd64.deb
4372c649254cde926309915c54b202a9 4451408 debug extra
libsqlite3-0-dbg_3.20.1-1_amd64.deb
6908130333aea8adcd5f36427e565291 585166 libs standard
libsqlite3-0_3.20.1-1_amd64.deb
e05305c27fbd7f017c9a53b7efef32e4 718450 libdevel optional
libsqlite3-dev_3.20.1-1_amd64.deb
d83c1d58700159f68d91c30fe83c8fb3 115146 interpreters optional
libsqlite3-tcl_3.20.1-1_amd64.deb
c0a74950ee52439b8b84614ed57fdf3c 3610200 doc optional
sqlite3-doc_3.20.1-1_all.deb
eee5357f880447b42f94d8063dcf0776 8084 devel optional
sqlite3_3.20.1-1_amd64.buildinfo
81d51c87d166d46113b3259bd03b0e98 809868 database optional
sqlite3_3.20.1-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlmnLDYACgkQ3OMQ54ZM
yL+1Mg/+NBolaVv1HqcrpTTiY9TJsp+xRSxQamiT6DULkivgZ4YscOai3nKnoqXv
8/KfatMJLu7o3AGtAhaFUjxrttBiRCb6fOyI4ECO+iNiVOQURx62+KLCMMd888Di
2kGPzsdicozVS4dMdxPyV1jmxJ2GZ1YEW8xBRtu4AT+8+XGg0aOXDHJF2Cg4VnJQ
XZ49uFBFwFRTrbIujunu2eT/a3E//s4Z/dyKR+enYcBNEUyDSkYBTnHAlVle3wKr
d3q+sIpCFYgUd5Aqs5K4A4NWeylPIRiUIaHx2fFir42lVLxFYDZvqgclSbajvuMw
ANgtQF+174q5ND3Le3EMYjbolPv4xvgfimq4CHZzbl7ZILlEMG0DhWVTkkXL7K+E
l++5gnGdb++xGLpeY9WzbLDbaaFtMPQ+37AIJbrWlnNPCr9h4A42NIREu0HKRnkK
nDnvGqRxvCnY5VZBAQfLFeGCklMNtNq5c4L4iNp+4UsMveCLNkyymYV87T5skqw9
/l6is52WpJgMbjCga2LF5iAPZd/DMynvNRCnrL8wiUmLhq1ilubAJ41Be6z6h4B0
3t9G5q8PD70c43LYcgIXpdAgoPn71ZeuHrpJaMnLhLG+CWkQ2XV2dqMQeiKMtTVl
pbSAQNnL/18QS/jSQgtT3q6pedQ39mPGdc9a29wMuyQIU1cHMEQ=
=X7Mg
-----END PGP SIGNATURE-----
--- End Message ---
