[SECURITY] [DLA 3107-1] sqlite3 security update

2022-09-1314:25:21

lists.debian.org

Debian LTS Advisory DLA-3107-1 [email protected]
https://www.debian.org/lts/security/ Chris Lamb
September 13, 2022 https://wiki.debian.org/LTS

Package : sqlite3
Version : 3.27.2-3+deb10u2
CVE IDs : CVE-2020-35525 CVE-2020-35527 CVE-2021-20223

It was discovered that there were three issues in SQLite:

CVE-2020-35525: Prevent a potential null pointer deference issue in
INTERSEC query processing.
CVE-2020-35527: Prevent an out-of-bounds access issue that could be
exploited via ALTER TABLE in views that have a nested FROM clauses.
CVE-2021-20223: Prevent an issue with the "unicode61" tokenizer
related to Unicode control characters ("class Cc") and embedded NUL
characters being misinterpreted as tokens.

For Debian 10 buster, these problems have been fixed in version
3.27.2-3+deb10u2.

We recommend that you upgrade your sqlite3 packages.

For the detailed security status of sqlite3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sqlite3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10allsqlite3< 3.27.2-3+deb10u2sqlite3_3.27.2-3+deb10u2_all.deb
Debian10arm64libsqlite3-0< 3.27.2-3+deb10u2libsqlite3-0_3.27.2-3+deb10u2_arm64.deb
Debian10i386libsqlite3-dev< 3.27.2-3+deb10u2libsqlite3-dev_3.27.2-3+deb10u2_i386.deb
Debian10arm64libsqlite3-tcl< 3.27.2-3+deb10u2libsqlite3-tcl_3.27.2-3+deb10u2_arm64.deb
Debian10i386libsqlite3-tcl< 3.27.2-3+deb10u2libsqlite3-tcl_3.27.2-3+deb10u2_i386.deb
Debian10armhflibsqlite3-tcl< 3.27.2-3+deb10u2libsqlite3-tcl_3.27.2-3+deb10u2_armhf.deb
Debian10arm64libsqlite3-dev< 3.27.2-3+deb10u2libsqlite3-dev_3.27.2-3+deb10u2_arm64.deb
Debian10arm64sqlite3< 3.27.2-3+deb10u2sqlite3_3.27.2-3+deb10u2_arm64.deb
Debian10armhflibsqlite3-dev< 3.27.2-3+deb10u2libsqlite3-dev_3.27.2-3+deb10u2_armhf.deb
Debian10allsqlite3-doc< 3.27.2-3+deb10u2sqlite3-doc_3.27.2-3+deb10u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	sqlite3	< 3.27.2-3+deb10u2	sqlite3_3.27.2-3+deb10u2_all.deb
Debian	10	arm64	libsqlite3-0	< 3.27.2-3+deb10u2	libsqlite3-0_3.27.2-3+deb10u2_arm64.deb
Debian	10	i386	libsqlite3-dev	< 3.27.2-3+deb10u2	libsqlite3-dev_3.27.2-3+deb10u2_i386.deb
Debian	10	arm64	libsqlite3-tcl	< 3.27.2-3+deb10u2	libsqlite3-tcl_3.27.2-3+deb10u2_arm64.deb
Debian	10	i386	libsqlite3-tcl	< 3.27.2-3+deb10u2	libsqlite3-tcl_3.27.2-3+deb10u2_i386.deb
Debian	10	armhf	libsqlite3-tcl	< 3.27.2-3+deb10u2	libsqlite3-tcl_3.27.2-3+deb10u2_armhf.deb
Debian	10	arm64	libsqlite3-dev	< 3.27.2-3+deb10u2	libsqlite3-dev_3.27.2-3+deb10u2_arm64.deb
Debian	10	arm64	sqlite3	< 3.27.2-3+deb10u2	sqlite3_3.27.2-3+deb10u2_arm64.deb
Debian	10	armhf	libsqlite3-dev	< 3.27.2-3+deb10u2	libsqlite3-dev_3.27.2-3+deb10u2_armhf.deb
Debian	10	all	sqlite3-doc	< 3.27.2-3+deb10u2	sqlite3-doc_3.27.2-3+deb10u2_all.deb