Package        : sqlite3
Version        : 3.8.7.1-1+deb8u4
CVE ID         : CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2017-10989
                 CVE-2018-8740
Debian Bug     : 867618 893195

Several flaws were corrected in SQLite, an SQL database engine.

CVE-2017-2518

    A use-after-free bug in the query optimizer may cause a buffer
    overflow and application crash via a crafted SQL statement.

CVE-2017-2519

    Insufficient size of the reference count on Table objects could
    lead to a denial-of-service or arbitrary code execution.

CVE-2017-2520

    The sqlite3_value_text() interface returned a buffer that was not
    large enough to hold the complete string plus zero terminator when
    the input was a zeroblob. This could lead to arbitrary code
    execution or a denial-of-service.

CVE-2017-10989

    SQLite mishandles undersized RTree blobs in a crafted database
    leading to a heap-based buffer over-read or possibly unspecified
    other impact.

CVE-2018-8740

    Databases whose schema is corrupted using a CREATE TABLE AS
    statement could cause a NULL pointer dereference.

For Debian 8 "Jessie", these problems have been fixed in version
3.8.7.1-1+deb8u4.

We recommend that you upgrade your sqlite3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS