Control: tags -1 - moreinfo

Hi

On Sun, Jun 04, 2017 at 11:20:00AM +0000, Niels Thykier wrote:
> Control: tags -1 confirmed moreinfo
>
> László Böszörményi (GCS):
> > Package: release.debian.org
> > User: [email protected]
> > Usertags: unblock
> >
> > Hi Release Team,
> >
> > I would like to upload a security related update for sqlite3. It contains:
> > - Prevent a possible NULL pointer dereference in the OP_Found opcode
> >   that can follow an OOM error. Problem found by OSS-Fuzz[1],
> > - Stack overflow while parsing deeply nested JSON[2],
> > - JSON allows unescaped control characters in strings[3],
> > - JSON extension accepts invalid numeric values[4].
> >
> > Upstream tagged these as 'code defect' and severity 'severe'. The
> > changes themselves are small and the 3.19.2-1 version in experimental
> > contains these fixes.
> >
> > Debdiff is attached. Thanks for consideration.
> >
> > Regards,
> > Laszlo/GCS
> > [1] http://www.sqlite.org/src/info/c2de178fe7e2e4e0
> > [2] https://www.sqlite.org/src/info/981329adeef51011052
> > [3] https://www.sqlite.org/src/info/6c9b5514077fed34551
> > [4] https://www.sqlite.org/src/info/b93be8729a895a528e2
> >
>
> Ack, please go ahead. Given the deadlines for migration, ideally this
> upload is completed no later than Monday.

Removing the moreinfo tag, since uploaded and built on all release
architectures afaics.

Regards,
Salvatore

