Security update for sqlite3
This update for sqlite3 to version 3.28.0 fixes the following issues:
Security issues fixed:
- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix
queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in
a single transaction with an fts5 virtual table (bsc#1130325).
This update was imported from the SUSE:SLE-15:Update update project.
- Submitted by Reinhard Max (rmax)
Fixed bugs
bnc#1130325
VUL-1: CVE-2019-9937: sqlite3: interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference
bnc#1130326
VUL-1: CVE-2019-9936: sqlite3: running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read