PublicDateAtUSN: 2019-11-25 20:15:00 UTC
Candidate: CVE-2019-19244
PublicDate: 2019-11-25 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244
 https://ubuntu.com/security/notices/USN-4205-1
Description:
 sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select
 uses both DISTINCT and window functions, and also has certain ORDER BY
 usage.
Ubuntu-Description:
Notes:
 leosilva> there is no support for pWin in bionic, so
 leosilva> marking as not-affected.
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_sqlite:
upstream_sqlite: needs-triage
precise/esm_sqlite: DNE
trusty_sqlite: ignored (out of standard support)
trusty/esm_sqlite: not-affected (code not present)
xenial_sqlite: not-affected (code not present)
bionic_sqlite: not-affected (code not present)
disco_sqlite: not-affected (code not present)
eoan_sqlite: not-affected (code not present)
devel_sqlite: not-affected (code not present)

Patches_sqlite3:
 upstream: https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348
upstream_sqlite3: needs-triage
precise/esm_sqlite3: not-affected
trusty_sqlite3: ignored (out of standard support)
trusty/esm_sqlite3: not-affected
xenial_sqlite3: not-affected
esm-infra/xenial_sqlite3: not-affected
bionic_sqlite3: not-affected
disco_sqlite3: released (3.27.2-2ubuntu0.2)
eoan_sqlite3: released (3.29.0-2ubuntu0.1)
devel_sqlite3: released (3.30.1-1ubuntu1)