projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: df36d26) | patch
sqlite: add security patches
authorBaruch Siach <baruch@tkos.co.il>
Sun, 22 Oct 2017 14:00:08 +0000 (16:00 +0200)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Sun, 22 Oct 2017 14:37:18 +0000 (16:37 +0200)
commitd3c96bd5a6d3d64ab9c61104c6078b4bc89b12ec
tree5529dc45c2f3e0bcd3b3f1c3716ff88a99955988tree
parentdf36d26d061000105de071af54774194cb39b665commit | diff
sqlite: add security patches

CVE-2017-13685: The dump_callback function in SQLite 3.20.0 allows
remote attackers to cause a denial of service (EXC_BAD_ACCESS and
application crash) via a crafted file.

CVE-2017-15286: SQLite 3.20.1 has a NULL pointer dereference in
tableColumnList in shell.c
because it fails to consider certain cases where
`sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never
initialized.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/sqlite/0001-CVE-2017-13685.patch [new file with mode: 0644] blob
package/sqlite/0002-CVE-2017-15286.patch [new file with mode: 0644] blob