AlmaLinux 2316 Published by

A mingw packages security and bug fix update has been released for AlmaLinux.



ALSA-2021:1968 Moderate: mingw packages security and bug fix update


Type:
security

Severity:
moderate

Release date:
2021-05-18

Description
The following packages have been upgraded to a later upstream version: mingw-sqlite (3.26.0.0). (BZ#1845475)
Security Fix(es):
* sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)
* sqlite: Integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)
* sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)
* sqlite: Virtual table can be renamed into the name of one of its shadow tables (CVE-2020-13631)
* sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query (CVE-2020-13632)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:
CVE-2019-16168
CVE-2020-13434
CVE-2020-13630
CVE-2020-13631
CVE-2020-13632

Updates packages:
mingw-binutils-generic-2.30-3.el8.x86_64.rpm
mingw-filesystem-base-104-2.el8.noarch.rpm
mingw32-binutils-2.30-3.el8.x86_64.rpm
mingw32-bzip2-1.0.6-14.el8.noarch.rpm
mingw32-bzip2-static-1.0.6-14.el8.noarch.rpm
mingw32-filesystem-104-2.el8.noarch.rpm
mingw32-sqlite-3.26.0.0-1.el8.noarch.rpm
mingw32-sqlite-static-3.26.0.0-1.el8.noarch.rpm
mingw64-binutils-2.30-3.el8.x86_64.rpm
mingw64-bzip2-1.0.6-14.el8.noarch.rpm
mingw64-bzip2-static-1.0.6-14.el8.noarch.rpm
mingw64-filesystem-104-2.el8.noarch.rpm
mingw64-sqlite-3.26.0.0-1.el8.noarch.rpm
mingw64-sqlite-static-3.26.0.0-1.el8.noarch.rpm

Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2021:1968 Moderate: mingw packages security and bug fix update