Overview

File _patchinfo of Package patchinfo.25854

<patchinfo incident="25854">
  <issue tracker="cve" id="2022-35737"/>
  <issue tracker="cve" id="2021-36690"/>
  <issue tracker="bnc" id="1195773">VUL-0: tcl: embedded sqlite version means that security fixes are not addressed</issue>
  <issue tracker="bnc" id="1201783">VUL-0: CVE-2022-35737: sqlite3: multiple fixes</issue>
  <issue tracker="bnc" id="1189802" />
  <packager>rmax</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for sqlite3</summary>
  <description>This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
  
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places