system/sqlite: multiple vulnerabilities
| Bugzilla ID | 245 |
| Alias(es) | CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-13871, CVE-2020-15358, CVE-2020-9327 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-03-16 19:54:09 -0500 |
| Modified | 2020-07-01 14:18:58 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/sqlite |
Description
CVE-2020-9327: https://nvd.nist.gov/vuln/detail/CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger
a NULL pointer dereference and segmentation fault because of generated
column optimizations.
Unreleased fix
https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21
Since we currently build from the amalgamation distribution, this will need to wait on either an overhaul of the entire aport or a new release.