CVE-2019-8457 in Ubuntu

CVE-2019-8457

Priority

Description

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap
out-of-bound read in the rtreenode() function when handling invalid rtree
tables.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457
https://www.sqlite.org/src/info/90acdbfce9c08858
https://usn.ubuntu.com/usn/usn-4004-1
https://usn.ubuntu.com/usn/usn-4004-2
https://usn.ubuntu.com/usn/usn-4019-1
https://usn.ubuntu.com/usn/usn-4019-2

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929775

Assigned-to

leosilva

Notes

leosilva

db5.3 has a sqlite into /lang/sql/sqlite

Package

Source: chromium (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE
Ubuntu 20.04 (Focal Fossa):	DNE

Package

Source: db5.3 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (5.3.28-3ubuntu3.1+esm1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (5.3.28-11ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver):	released (5.3.28-13.1ubuntu1.1)
Ubuntu 19.10 (Eoan Ermine):	released (5.3.28+dfsg1-0.6ubuntu1)
Ubuntu 20.04 (Focal Fossa):	released (5.3.28+dfsg1-0.6ubuntu1)

Package

Source: qtwebengine-opensource-src (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	needs-triage
Ubuntu 19.10 (Eoan Ermine):	needs-triage
Ubuntu 20.04 (Focal Fossa):	needs-triage

Package

Source: sqlcipher (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	needed
Ubuntu 19.10 (Eoan Ermine):	needed
Ubuntu 20.04 (Focal Fossa):	needed

Package

Source: sqlite3 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	released (3.7.9-2ubuntu1.3)
Ubuntu 14.04 ESM (Trusty Tahr):	released (3.8.2-1ubuntu2.2+esm1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (3.11.0-1ubuntu1.2)
Ubuntu 18.04 LTS (Bionic Beaver):	released (3.22.0-1ubuntu0.1)
Ubuntu 19.10 (Eoan Ermine):	released (3.27.2-3)
Ubuntu 20.04 (Focal Fossa):	released (3.27.2-3)

More Information

Updated: 2020-03-18 21:42:55 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)