Overview

File _patchinfo of Package patchinfo.11016

<patchinfo incident="11016">
  <issue tracker="cve" id="2017-10989"/>
  <issue tracker="cve" id="2018-8740"/>
  <issue tracker="cve" id="2019-8457"/>
  <issue tracker="bnc" id="1136976">VUL-0: CVE-2019-8457: sqlite3: heap out-of-bound read in the rtreenode() function when handling invalid rtree tables</issue>
  <issue tracker="bnc" id="1132045">VUL-1: CVE-2017-10989: sqlite3: getNodeSize function in ext/rtree/rtree.c issues</issue>
  <issue tracker="bnc" id="1085790">VUL-1: CVE-2018-8740: sqlite3, sqlite2: Databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference</issue>
  <packager>rmax</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for sqlite3</summary>
  <description>This update for sqlite3 fixes the following issues:

Security issue fixed:

- CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976).
- CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790).
- CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places