Debian 10220 Published by

A sqlite3 security update has been released for Debian GNU/Linux 8 Extended LTS to address multiple vulnerabilities.



ELA-666-1 sqlite3 security update

Package sqlite3
Version 3.8.7.1-1+deb8u7 (jessie)
Related CVEs CVE-2019-16168 CVE-2019-20218

Multiple fixes for vulnerabilities were backported from Debian stretch to Debian jessie. The two fixed vulnerabilities could result in crashes when working with BTree indexes, and in unexpected behaviour after parsing errors in WITH clauses.

Debian 9 stretch is not affected, the changes have been delivered there before.

For Debian 8 jessie, these problems have been fixed in version 3.8.7.1-1+deb8u7.

We recommend that you upgrade your sqlite3 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-666-1 sqlite3 security update