From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id jsSsI+R7WmBWOgAA0tVLHw (envelope-from ) for ; Tue, 23 Mar 2021 23:38:12 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id cOFIH+R7WmAXIwAA1q6Kng (envelope-from ) for ; Tue, 23 Mar 2021 23:38:12 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D9864FBBF for ; Wed, 24 Mar 2021 00:38:11 +0100 (CET) Received: from localhost ([::1]:38494 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lOqbC-0005zQ-Do for larch@yhetil.org; Tue, 23 Mar 2021 19:38:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44436) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lOqb3-0005xO-VJ for bug-guix@gnu.org; Tue, 23 Mar 2021 19:38:01 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:50112) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lOqb3-0008AZ-Mf for bug-guix@gnu.org; Tue, 23 Mar 2021 19:38:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lOqb3-0003LD-KO for bug-guix@gnu.org; Tue, 23 Mar 2021 19:38:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327 Resent-From: =?UTF-8?Q?L=C3=A9o?= Le Bouter Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 23 Mar 2021 23:38:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 47231 X-GNU-PR-Package: guix X-GNU-PR-Keywords: security To: 47231@debbugs.gnu.org Received: via spool by 47231-submit@debbugs.gnu.org id=B47231.161654263412785 (code B ref 47231); Tue, 23 Mar 2021 23:38:01 +0000 Received: (at 47231) by debbugs.gnu.org; 23 Mar 2021 23:37:14 +0000 Received: from localhost ([127.0.0.1]:33425 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lOqaI-0003K9-Je for submit@debbugs.gnu.org; Tue, 23 Mar 2021 19:37:14 -0400 Received: from mail.zaclys.net ([178.33.93.72]:36801) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lOqaG-0003Js-V8 for 47231@debbugs.gnu.org; Tue, 23 Mar 2021 19:37:13 -0400 Received: from guix-xps.local (lsl43-1_migr-78-195-19-20.fbx.proxad.net [78.195.19.20] (may be forged)) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12NNb6LA044948 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <47231@debbugs.gnu.org>; Wed, 24 Mar 2021 00:37:06 +0100 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12NNb6LA044948 Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1616542626; bh=pLTJDtmK6WwX7bx7IF/e2QI1bcXlyxOqL8D+++aYNcI=; h=Subject:From:To:Date:In-Reply-To:References:From; b=U6C/T9sEzh0RD7DuBojUAcMUQzEycnVyqrrDV5/kq5NnHjWiVD8xcQrsk4abbhixB QDKORNN0ryjWuF8A2Fcr2eGPr36E+TVOmbDkWN5fC8ZX5giE0r6DHKnZy3USEU3R43 KZuxUUR2jszDWDaWYRIcPnOd1WcfkC1tyu6n7SAQ= Message-ID: Date: Wed, 24 Mar 2021 00:37:00 +0100 In-Reply-To: <0381641839f5d0e71cbb496b95b9947a2a2c2799.camel@zaclys.net> References: <0381641839f5d0e71cbb496b95b9947a2a2c2799.camel@zaclys.net> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-n0oC3Ye6caxDqUISwr1Y" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" Reply-to: =?UTF-8?Q?L=C3=A9o?= Le Bouter From: =?UTF-8?Q?L=C3=A9o?= Le Bouter via Bug reports for GNU Guix X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1616542692; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=pLTJDtmK6WwX7bx7IF/e2QI1bcXlyxOqL8D+++aYNcI=; b=WwmEQDmQMrEhiuSR5vytGjyS9nbojjqqdfLSGtmDZuwtcMoqW5wOFQgR0bLGb3ndSWkY+K C/KzE9/c1FpeZ0VADh3q8N/lGe9sxrO1f6deve66gzpzu0THXCWcCTNgOmnAV2ysYIaIMs M4lwFQpKAkRUsR069YanMQB6Y1jtB9SQ4zHd/B5v/fJqP+pEXKoYmneNAQXAz5VNJYbDiL PCoGjb1q/23VTOif6LAKrzRpNOeCqnGSyQl0l0za8yPYg4iUoFH7d51HDm56A/KuPfgQAQ w4VR5UT9mGYVnQat1ECRstjuyLMwvFWTYFXxurmHAnd9DJkpzURyCdg86QISLQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616542692; a=rsa-sha256; cv=none; b=jmxcbnbYMP12d0VWDm1yTLwSg9xTXLwLd3yd+g/jHr3xFXYFaOUTkyqsSvhO3frJ1EiNzT g8JiDEcY3NNPscEYCo9rYtlJAAWSe9kaZzjV/hQq0bIePN3Aye2K2wnX1dp8Ppcsz1Ks/p pdElfw6099TsIOdbJ5ZK5LtolacYpOT31U1JVsxwy3MHrhketVvFTWWTvrykG/Sk9AUMX/ iB5WW06PbHK07FpcH780oqb602Lscfi/A/zQF1Tj8F/IjNWMJwx11kGQX+5oWqnTYvRAi/ BFVvl7ZAPt7cjlQkJkugpN/Eygtvq2TTxRTfgnl57kSC76kSCqOISM5aS/blFQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=zaclys.net header.s=default header.b="U6C/T9sE"; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Spam-Score: -5.02 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=zaclys.net header.s=default header.b="U6C/T9sE"; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: D9864FBBF X-Spam-Score: -5.02 X-Migadu-Scanner: scn0.migadu.com X-TUID: 7hHdnDAxsPmI --=-n0oC3Ye6caxDqUISwr1Y Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable One more: CVE-2021-20227 23.03.21 18:15 A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. --=-n0oC3Ye6caxDqUISwr1Y Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBae5wACgkQRaix6GvN EKZHSxAAspoVdkYpeZNVl/kQXjuZ6EVCb9IeS1oIDvwJaeH+CGZ8uX9KxxQhum6U JmLx/UpZTWt30L4WobFdvVmyKFQqYu+o8BTRdq4O4EoimHgtFDb2+MJQHywf2GmH AEu4HMLcD+5Z3T5ejSs2OW6O0c8l6nunQ1wFGU7LEhCnC/P5+dh6dLF5Q3oCy74x vbgdniF1zXWNQ5M1dL5AkDonERIg8AWKZFfGbDqOx2Sd5sdsEBnO1MWrlAUp2w+V skyPlJJSTpJo/MmajSIjCCnokGX8c0wIyMPWj8VIx72B7uamibvxZzYWfpab4IAB 0929b8vzyTuiFB+UyKHlQEthqVVTZWUURGU/LraLKQ2G91ocOyfZAOvsOJcwbJk3 6UvfgsfR00qfPb5lOXW2roxmvng68/OIXGbHvsV5pNTclkAvFOlajvtr5k6MrQmx sPXOfw8Ir8iRRQGydD1OaocD2y60O9Mi0vYhvCDzAIeCweAwFU7bKiDbmTKgXb47 owZnfiWAbfl1ZI0aO63pqiWKl3ErFPuYzuEIWw91hydEhnWIAGMV0ytalKEsqvEA MNt4dfeoD+5uX8RIIqKKehuf70VgBAN9v0T3bl5YOTgO38gTAyKvJ4ux2XgCYWFb H98W0M0BaJlGgG/DAeNKeiKmU1RhFPhGpzxvCoMA88jcsRC34HU= =oyEc -----END PGP SIGNATURE----- --=-n0oC3Ye6caxDqUISwr1Y--