Source: sqlite3 Version: 3.20.1-1 Severity: important Tags: security upstream
Hi, the following vulnerability was published for sqlite3. CVE-2017-15286[0]: | SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in | shell.c because it fails to consider certain cases where | `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is | never initialized. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-15286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286 [1] https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md [2] http://www.sqlite.org/src/info/5d0ceb8dcdef92cd Attaching the poc.db. Please adjust the affected versions in the BTS as needed. Regards, Salvatore