Control: tag -1 confirmed moreinfo On Sat, Feb 25, 2017 at 11:47:13AM +0100, Laszlo Boszormenyi (GCS) wrote: > There's a NULL pointer problem fixed in the 3.17.0 version of > SQLite that affects the Stretch version. > The bugreport[1] contains a proof of concept code, which doesn't crash > (it seems it doesn't have a security impact) - but still the bug marked > as severe code defect and fixed immediately. Upstream fix[2] is small, > checking the value and assign 0 if it's NULL. Then the next 'if' will > print an error message that the value can not be opened as being NULL. > The debdiff is attached and I hope the upload and later the unblock > can be approved.
Please go ahead and when built on all architectures remove the moreinfo tag from this bug (although please also fix this first:) > --- sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch > 1970-01-01 00:00:00.000000000 +0000 > +++ sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch > 2017-02-13 17:31:26.000000000 +0000 > @@ -0,0 +1,22 @@ > +Description: Ensure that sqlite3_blob_reopen() correctly handles short rows > + TODO: Put a short summary on the line above and replace this paragraph > + * Non-maintainer upload. > +Origin: upstream, https://www.sqlite.org/src/info/8cd1a4451cce1fe2 > +Author: Laszlo Boszormenyi (GCS) <[email protected]> -- Jonathan Wiltshire [email protected] Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
