A sqlite3 security update has been released for Debian GNU/Linux 10 to address three issues.
DLA 3107-1: sqlite3 security update
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3107-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
September 13, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : sqlite3
Version : 3.27.2-3+deb10u2
CVE IDs : CVE-2020-35525 CVE-2020-35527 CVE-2021-20223
It was discovered that there were three issues in SQLite:
* CVE-2020-35525: Prevent a potential null pointer deference issue in
INTERSEC query processing.
* CVE-2020-35527: Prevent an out-of-bounds access issue that could be
exploited via ALTER TABLE in views that have a nested FROM clauses.
* CVE-2021-20223: Prevent an issue with the "unicode61" tokenizer
related to Unicode control characters ("class Cc") and embedded NUL
characters being misinterpreted as tokens.
For Debian 10 buster, these problems have been fixed in version
3.27.2-3+deb10u2.
We recommend that you upgrade your sqlite3 packages.
For the detailed security status of sqlite3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sqlite3
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS