CVE-2019-8457 in Ubuntu

CVE-2019-8457

Priority

Description

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap
out-of-bound read in the rtreenode() function when handling invalid rtree
tables.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457
https://www.sqlite.org/src/info/90acdbfce9c08858
https://ubuntu.com/security/notices/USN-4004-1
https://ubuntu.com/security/notices/USN-4004-2
https://ubuntu.com/security/notices/USN-4019-1
https://ubuntu.com/security/notices/USN-4019-2

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929775

Assigned-to

leosilva

Notes

leosilva

db5.3 has a sqlite into /lang/sql/sqlite

Package

Source: chromium (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 20.04 LTS (Focal Fossa):	DNE
Ubuntu 20.10 (Groovy Gorilla):	DNE
Ubuntu 21.04 (Hirsute Hippo):	DNE
Ubuntu 21.10 (Impish Indri):	DNE

Package

Source: db5.3 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	released (5.3.28-3ubuntu3.1+esm1)
Ubuntu 16.06 ESM (Xenial Xerus):	released (5.3.28-11ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver):	released (5.3.28-13.1ubuntu1.1)
Ubuntu 20.04 LTS (Focal Fossa):	released (5.3.28+dfsg1-0.6ubuntu1)
Ubuntu 20.10 (Groovy Gorilla):	released (5.3.28+dfsg1-0.6ubuntu1)
Ubuntu 21.04 (Hirsute Hippo):	released (5.3.28+dfsg1-0.6ubuntu1)
Ubuntu 21.10 (Impish Indri):	released (5.3.28+dfsg1-0.6ubuntu1)

Package

Source: qtwebengine-opensource-src (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	needs-triage
Ubuntu 20.04 LTS (Focal Fossa):	needs-triage
Ubuntu 20.10 (Groovy Gorilla):	ignored (reached end-of-life)
Ubuntu 21.04 (Hirsute Hippo):	needs-triage
Ubuntu 21.10 (Impish Indri):	needs-triage

Package

Source: sqlcipher (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 20.04 LTS (Focal Fossa):	needed
Ubuntu 20.10 (Groovy Gorilla):	ignored (reached end-of-life)
Ubuntu 21.04 (Hirsute Hippo):	needed
Ubuntu 21.10 (Impish Indri):	needed

Package

Source: sqlite3 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	released (3.8.2-1ubuntu2.2+esm1)
Ubuntu 16.06 ESM (Xenial Xerus):	released (3.11.0-1ubuntu1.2)
Ubuntu 18.04 LTS (Bionic Beaver):	released (3.22.0-1ubuntu0.1)
Ubuntu 20.04 LTS (Focal Fossa):	released (3.27.2-3)
Ubuntu 20.10 (Groovy Gorilla):	released (3.27.2-3)
Ubuntu 21.04 (Hirsute Hippo):	released (3.27.2-3)
Ubuntu 21.10 (Impish Indri):	released (3.27.2-3)

More Information

Updated: 2021-07-23 20:23:51 UTC (commit b0f4187fe3314204ead8f3097e1bb25649eabe49)