Your message dated Fri, 25 Jul 2025 21:20:57 +0000
with message-id <[email protected]>
and subject line Bug#1109379: fixed in sqlite3 3.46.1-7
has caused the Debian Bug report #1109379,
regarding sqlite3: CVE-2025-6965
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1109379: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109379
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sqlite3
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for sqlite3.
CVE-2025-6965[0]:
| There exists a vulnerability in SQLite versions before 3.50.2 where
| the number of aggregate terms could exceed the number of columns
| available. This could lead to a memory corruption issue. We
| recommend upgrading to version 3.50.2 or above.
https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-6965
https://www.cve.org/CVERecord?id=CVE-2025-6965
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: sqlite3
Source-Version: 3.46.1-7
Done: Laszlo Boszormenyi (GCS) <[email protected]>
We believe that the bug you reported is fixed in the latest version of
sqlite3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated sqlite3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 25 Jul 2025 21:04:34 +0200
Source: sqlite3
Architecture: source
Version: 3.46.1-7
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 1109379
Changes:
sqlite3 (3.46.1-7) unstable; urgency=high
.
* Backport upstream security fix for CVE-2025-6965: the number of aggregate
terms could exceed the number of columns available (closes: #1109379).
Checksums-Sha1:
579bb79a2f583a762f0ce23b775829260cd4e00d 2632 sqlite3_3.46.1-7.dsc
d1b98558feab1aabca43c5cc25b3de4dbea529b3 35444 sqlite3_3.46.1-7.debian.tar.xz
Checksums-Sha256:
a832512ba6bfe3ae15e7174e8e8c975b04ea00ff75cb445b32c0087258ac2aa4 2632
sqlite3_3.46.1-7.dsc
dabc7eefd60b137bc2e838555450fc2d1e0eb2ebd7ec3a711d313fa78288acce 35444
sqlite3_3.46.1-7.debian.tar.xz
Files:
0c7b8b9670344d91abd1f89db6373992 2632 devel optional sqlite3_3.46.1-7.dsc
6e1c42ad55b3b76afa6e7213f4fc1272 35444 devel optional
sqlite3_3.46.1-7.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmiD8gAACgkQ3OMQ54ZM
yL8fhg/+N91g1rnmLSrhrBRP+rI1eln6y5qGs+458Rrwo14ZNTrQIlJjy1bkoVrK
AnQkLl25LnzX6BGcbIz6IqPmD45tJzfCFuKyn4y9qp2tt933AfmWkMY5xa8VgvRr
ZwTjYUmLxPewZxDBhcZK+Xvh7aLlLohPTa/iKg7DIChN4ecangHz0xwWDn3ZFggI
CiE1AKpopOBXjhJni0X4nA8SOZ+SIYfYWEURkq3w+OLWnllzQpPGgA+OFaZ7jTIv
85mOxg/a0H85iPJTfGB97GqqQAozbAtxm7kCui2aTDDyUhGwMi13lSBeusHdT50I
WXy9zl0iOgwiK1BThmj2xXVME9CYqEgszzqdJvkkvC9ZE9CRPCnupeT97sLnv/pI
77YcxAKyPk7plz98+4Wj0Qpt1U499f/J0NqXAuI0KztRxvya/uDD36oRMS4l5dLp
PrQ/r9gtDuwIZeDctLu0QFP6Z79ZAAByp9s2S3ulCKqp1MNRJAiSRjLON8n8j6Ry
xkFj1TQ5ljPbGUbBm35EpLD9cSlILTpLPRveKawmcI3r8Q5CbvOh616gqaaXUZII
/Mjsjo5Sv2CM/+uyfBPZMvz078TyXkp0nnTNVB4tvj8aSuQyEoTOmF9iqWPcYBjs
fVLbDvFIB5KrzvHQuLsQvkB3oywe+wnvddbOMoCboO5pfq3K9Z4=
=L6VU
-----END PGP SIGNATURE-----
pgppR4zqCp7gj.pgp
Description: PGP signature
--- End Message ---
