CVE-2020-13631

Priority
Description
SQLite before 3.32.0 allows a virtual table to be renamed to the name of
one of its shadow tables, related to alter.c and build.c.
Assigned-to
mdeslaur
Notes
mdeslaurThe code changes required to backport the fix for this issue to
older versions of SQLite shipped in Ubuntu stable releases is
subtantial and may introduce regressions. Due to the low
severity of this issue, we will not be releasing a fix for
Ubuntu 18.04 LTS and earlier. Marking as ignored.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):ignored
Ubuntu 18.04 LTS (Bionic Beaver):ignored
Ubuntu 19.10 (Eoan Ermine):ignored
Ubuntu 20.04 LTS (Focal Fossa):ignored
Ubuntu 20.10 (Groovy Gorilla):ignored
Package
Upstream:released (3.32.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):ignored
Ubuntu 14.04 ESM (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):ignored
Ubuntu 18.04 LTS (Bionic Beaver):ignored
Ubuntu 19.10 (Eoan Ermine):released (3.29.0-2ubuntu0.3)
Ubuntu 20.04 LTS (Focal Fossa):released (3.31.1-4ubuntu0.1)
Ubuntu 20.10 (Groovy Gorilla):pending (3.32.2-2)
Patches:
Upstream:https://sqlite.org/src/info/eca0ba2cf4c0fdf7
Upstream:https://github.com/sqlite/sqlite/commit/3d863b5e4efb2305d64f87a2128289d1c3ce09b6
More Information

Updated: 2020-06-18 16:14:44 UTC (commit e68e16a7a826106828db41d67b55bc933c9cfd5f)