src - FreeBSD source tree

diff options

author	Cy Schubert <cy@FreeBSD.org>	2020-06-13 04:47:59 +0000
committer	Cy Schubert <cy@FreeBSD.org>	2020-06-13 04:47:59 +0000
commit	9236bd4bb7756d897985a8a4232593ef806b1ec0 (patch)
tree	94756ebd07e1e241b9c7c49acb434962f66d0f8a /contrib/sqlite3/sqlite3.h
parent	8bc0d2b8553e012412d03468f84588dc34dea4c4 (diff)
parent	1c35d1a9f69c75801a843cf1614fb838e43b3d45 (diff)

MFV r362143:

Update sqlite3 to 3.32.2 (3320200). CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 ha s a NULL pointer dereference via a crafted matchinfo() query. PR: 247149 Reported by: spam123@bitbert.com MFC after: 3 days Security: vuxml: c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3 https://nvd.nist.gov/vuln/detail/CVE-2020-11655 https://nvd.nist.gov/vuln/detail/CVE-2020-13434 https://nvd.nist.gov/vuln/detail/CVE-2020-13435 https://nvd.nist.gov/vuln/detail/CVE-2020-13630 https://nvd.nist.gov/vuln/detail/CVE-2020-13631 https://nvd.nist.gov/vuln/detail/CVE-2020-13632

Notes

Notes: svn path=/head/; revision=362145

Diffstat (limited to 'contrib/sqlite3/sqlite3.h')

-rw-r--r--

contrib/sqlite3/sqlite3.h

1 files changed, 3 insertions, 3 deletions


context:
space:
mode: