Your message dated Wed, 09 Apr 2025 16:20:48 +0000
with message-id <[email protected]>
and subject line Bug#1102411: fixed in sqlite3 3.46.1-3
has caused the Debian Bug report #1102411,
regarding sqlite3: CVE-2025-29087
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1102411: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102411
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sqlite3
Version: 3.46.1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi Laszlo

The following vulnerability was published for sqlite3.

CVE-2025-29087[0]:
| Sqlite 3.49.0 is susceptible to integer overflow through the concat
| function.

Unfortunately the information available is quite scarce, can you reach
out to upstream to see if we can have the issue pinpointed more
precisely, having upstream references?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-29087
    https://www.cve.org/CVERecord?id=CVE-2025-29087

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: sqlite3
Source-Version: 3.46.1-3
Done: Laszlo Boszormenyi (GCS) <[email protected]>

We believe that the bug you reported is fixed in the latest version of
sqlite3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated sqlite3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 09 Apr 2025 16:39:52 +0200
Source: sqlite3
Architecture: source
Version: 3.46.1-3
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 1084194 1102411
Changes:
 sqlite3 (3.46.1-3) unstable; urgency=high
 .
   * Backport upstream security fix for CVE-2025-29087: the concat_ws()
     function could lead to a memory error if the separator string is very
     large (hundreds of megabytes) (closes: #1102411).
   * Move sqldiff man page to sqlite3-tools package (closes: #1084194).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
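
The changelog entry above describes a memory error in concat_ws() when the separator is hundreds of megabytes long, and the CVE text calls it an integer overflow. The following added example is not SQLite's or Debian's code, and the thread does not pinpoint the defective line; it shows the general bug class with a length calculation done in 32 bits next to a checked 64-bit version. The function names, the MAX_RESULT_LEN cap and the sample sizes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound on one result string (hypothetical engine limit). */
#define MAX_RESULT_LEN 1000000000LL

/* Weak form: the output size for a concat_ws-style join is accumulated in
 * 32 bits. Unsigned arithmetic is used so the wraparound is well defined
 * and can be observed safely. */
uint32_t concat_ws_len_narrow(const int32_t *arg_len, int argc, int32_t sep_len)
{
    uint32_t n = 0;
    for (int i = 0; i < argc; i++) n += (uint32_t)arg_len[i];
    n += (uint32_t)(argc - 1) * (uint32_t)sep_len;  /* wraps modulo 2^32 */
    return n;
}

/* Hardened form: widen before multiplying, reject negative lengths and
 * anything above the cap. Returns 0 and sets *out on success, -1 on error. */
int concat_ws_len_checked(const int32_t *arg_len, int argc, int32_t sep_len,
                          int64_t *out)
{
    if (argc < 1 || sep_len < 0) return -1;
    int64_t n = 0;
    for (int i = 0; i < argc; i++) {
        if (arg_len[i] < 0) return -1;
        n += arg_len[i];
        if (n > MAX_RESULT_LEN) return -1;
    }
    n += (int64_t)(argc - 1) * (int64_t)sep_len;    /* at most about 2^62 */
    if (n > MAX_RESULT_LEN) return -1;
    *out = n;
    return 0;
}

int main(void)
{
    /* Constructed input: nine 10-byte values joined by a 512 MiB separator. */
    int32_t lens[9] = {10, 10, 10, 10, 10, 10, 10, 10, 10};
    int32_t sep = 536870912;
    int64_t safe = 0;
    printf("narrow size : %u bytes\n",
           (unsigned)concat_ws_len_narrow(lens, 9, sep));
    if (concat_ws_len_checked(lens, 9, sep, &safe) != 0)
        printf("checked size: rejected, result too large\n");
    return 0;
}
```

With the constructed input the narrow calculation yields a 90-byte size for a join that needs about 4 GiB, which is the mismatch between allocation and copy length that produces a memory error.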
