Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
patchinfo.20263
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.20263
<patchinfo incident="20263"> <issue tracker="jsc" id="SLE-16032"/> <issue tracker="cve" id="2019-19924"/> <issue tracker="cve" id="2020-13435"/> <issue tracker="cve" id="2015-3414"/> <issue tracker="cve" id="2019-19923"/> <issue tracker="cve" id="2020-13631"/> <issue tracker="cve" id="2015-3415"/> <issue tracker="cve" id="2019-19925"/> <issue tracker="cve" id="2020-13630"/> <issue tracker="cve" id="2019-19317"/> <issue tracker="cve" id="2020-15358"/> <issue tracker="cve" id="2019-19603"/> <issue tracker="cve" id="2020-13632"/> <issue tracker="cve" id="2020-9327"/> <issue tracker="cve" id="2019-19959"/> <issue tracker="cve" id="2019-19926"/> <issue tracker="cve" id="2019-19645"/> <issue tracker="cve" id="2019-19244"/> <issue tracker="cve" id="2019-20218"/> <issue tracker="cve" id="2019-19880"/> <issue tracker="cve" id="2020-13434"/> <issue tracker="cve" id="2019-19646"/> <issue tracker="bnc" id="1159850">VUL-1: CVE-2019-19924: sqlite3: improper error handling in sqlite3WindowRewrite()</issue> <issue tracker="bnc" id="928701">VUL-1: CVE-2015-3415: sqlite3: sqlite3VdbeExec comparison operator vulnerability</issue> <issue tracker="bnc" id="1164719">VUL-1: CVE-2020-9327: sqlite3: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator</issue> <issue tracker="bnc" id="1160309">VUL-1: CVE-2019-19923: sqlite3 : improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference</issue> <issue tracker="bnc" id="1159715">VUL-1: CVE-2019-19926: sqlite3: improper handling of certain errors during parsing multiSelect in select.c</issue> <issue tracker="bnc" id="1172091">VUL-0: CVE-2020-13435: sqlite3: Segfault in sqlite3ExprCodeTarget</issue> <issue tracker="bnc" id="1172115">VUL-0: CVE-2020-13434: sqlite3: integer overflow in sqlite3_str_vappendf in printf.c.</issue> <issue tracker="bnc" id="1158958">VUL-0: CVE-2019-19645: sqlite3: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements</issue> <issue tracker="bnc" id="1172234">VUL-0: CVE-2020-13630: sqlite3: use-after-free in fts3EvalNextRow</issue> <issue tracker="bnc" id="1158812">VUL-1: CVE-2019-19317: sqlite3: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service</issue> <issue tracker="bnc" id="1159491">VUL-1: CVE-2019-19880: sqlite3: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference</issue> <issue tracker="bnc" id="1172240">VUL-0: CVE-2020-13632: sqlite3: null pointer dereference via a crafted matchinfo() query</issue> <issue tracker="bnc" id="1157818">VUL-0: CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage</issue> <issue tracker="bnc" id="928700">VUL-1: CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names</issue> <issue tracker="bnc" id="1160438">VUL-0: CVE-2019-19959: sqlite3: memory-management error via ext/misc/zipfile.c involving embedded '\0' input</issue> <issue tracker="bnc" id="1160439">VUL-0: CVE-2019-20218: sqlite3: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error</issue> <issue tracker="bnc" id="1158959">VUL-1: CVE-2019-19646: sqlite3: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns</issue> <issue tracker="bnc" id="1158960">VUL-1: CVE-2019-19603: sqlite3: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name</issue> <issue tracker="bnc" id="1159847">VUL-1: CVE-2019-19925: sqlite3: improper handling of NULL pathname during an update of a ZIP archive</issue> <issue tracker="bnc" id="1173641">VUL-0: CVE-2020-15358: sqlite3: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization</issue> <issue tracker="bnc" id="1172236">VUL-0: CVE-2020-13631: sqlite3: a virtual table is allowed to be renamed to the name of one of its shadow tables leading to infinite loop</issue> <packager>rmax</packager> <rating>important</rating> <category>security</category> <summary>Security update for sqlite3</summary> <description>This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor