Vijay Anusuri
78749ad27d
sqlite3: Fix CVE-2025-70873
...
Pick patch as per [1]
[1] https://sqlite.org/src/info/3d459f1fb1bd1b5e
[2] https://sqlite.org/forum/forumpost/761eac3c82
[3] https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054
(From OE-Core rev: c83cd0147548921f87d4167f6a4a7c58ddc8600f)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Yoann Congal <yoann.congal@smile.fr >
Signed-off-by: Paul Barker <paul@pbarker.dev >
2026-04-10 11:53:18 +01:00
Steve Sakoman
d655701622
Revert "sqlite3: patch CVE-2025-7458"
...
We have found that since this patch SELECT queries with
COUNT(DISTINCT(column)) seem to cause sqlite to segfault
This reverts commit 4d5093e5103016c08b3a32fd83b1ec9edd87cd5a.
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-09-01 08:25:16 -07:00
Peter Marko
a7f2f317f5
sqlite3: ignore CVE-2025-3277
...
The vulnerable code was introduced in 3.44.0 via [1].
(See fix commit [2])
Also Debian says "not vulnerabele yet for 3.40.1 in [3]
[1] https://github.com/sqlite/sqlite/commit/e1e67abc5cf67f931aab1e471eda23d73f51d456
[2] https://sqlite.org/src/info/498e3f1cf57f164f
[3] https://security-tracker.debian.org/tracker/CVE-2025-3277
(From OE-Core rev: ebacd5cd2827c1a9a45a92353518f9d976597526)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-08-08 06:30:56 -07:00
Peter Marko
bedacbb603
sqlite3: patch CVE-2025-7458
...
Pick patch [1] listed in [2].
Also pick another patch which is precondition to this one introducing
variable needed for the check.
[1] https://sqlite.org/src/info/12ad822d9b827777
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-7458
(From OE-Core rev: 4d5093e5103016c08b3a32fd83b1ec9edd87cd5a)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-08-08 06:30:56 -07:00
Vijay Anusuri
bc3d85398a
sqlite3: Fix CVE-2025-6965
...
Upstream-Status: Backport from https://github.com/sqlite/sqlite/commit/c52e9d97d485a3eb168e3f8f3674a7bc4b419703
(From OE-Core rev: b4a2f74ba0b40abcdf56c4b58cae5f7ce145d511)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-08-04 06:40:00 -07:00
Peter Marko
ade4d1829a
sqlite3: patch CVE-2025-29088
...
Pick commit [1] mentioned in [2].
[1] https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-29088
(From OE-Core rev: 70d2d56f89d6f4589d65a0b4f0cbda20d2172167)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
Vrushti Dabhi
dd123d8eda
sqlite3: Rename patch for CVE-2022-35737
...
The patch "0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch"
fixes CVE-2022-35737.
(From OE-Core rev: 9a875873e566a6673a65a8264fd0868c568e2a2c)
Signed-off-by: Vrushti Dabhi <vrushti.dabhi@einfochips.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2024-09-07 05:38:17 -07:00
Vrushti Dabhi
bf6aca4b29
sqlite3: CVE-ID correction for CVE-2023-7104
...
- The commit [https://sqlite.org/src/info/0e4e7a05c4204b47 ]
("Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.")
fixes CVE-2023-7104 instead of CVE-2022-46908.
- Hence, corrected the CVE-ID in CVE-2023-7104.patch.
- Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-7104
(From OE-Core rev: 9d7f21f3d0ae24d0005076396e9a929bb32d648e)
Signed-off-by: Vrushti Dabhi <vrushti.dabhi@einfochips.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2024-09-07 05:38:17 -07:00
Peter Marko
76d570000e
sqlite3: backport patch for CVE-2023-7104
...
Backport https://sqlite.org/src/info/0e4e7a05c4204b47
(From OE-Core rev: 31fb83ac3dcd2dd55b184de22a296ab4dc150d2e)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2024-01-21 08:50:38 -10:00
Vijay Anusuri
4f488ca49e
sqlite3: CVE-2023-36191 CLI fault on missing -nonce
...
Upstream-Status: Backport [https://sqlite.org/src/info/cd24178bbaad4a1d ]
(From OE-Core rev: 663713b2f95dee1e70f8921ece23b21d84d93805)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2023-07-21 06:27:34 -10:00
Vivek Kumbhar
bbe38cd637
sqlite: fix CVE-2022-46908 safe mode authorizer callback allows disallowed UDFs.
...
(From OE-Core rev: 18641988caa131436f75dd3c279ce5af3380481a)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2023-01-06 17:33:23 +00:00
Chee Yang Lee
2c42fa484a
sqlite: add CVE-2022-35737 patch to SRC_URI
...
SRC_URI include patch introduced in oe-core commit
fdc82b2314b580c0135c16b7278ebf8786311dec
(From OE-Core rev: f28dc527d4a3e3aa6ef2b446e863264c0e874fa1)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-09-12 08:41:47 +01:00
Alexander Kanavin
354e778709
sqlite3: upgrade 3.38.3 -> 3.38.5
...
Additional changes in version 3.38.4 (2022-05-04):
Fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key. Forum thread 2482b32700384a0f.
Other minor patches. See the timeline for details.
Additional changes in version 3.38.5 (2022-05-06):
Fix a blunder in the CLI of the 3.38.4 release.
(From OE-Core rev: c762a5c97b61b4d560cda33ba4a7c329df0fc9f8)
Signed-off-by: Alexander Kanavin <alex@linutronix.de >
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit e1bd414792ae2576685b2a352a5cc93343f06985)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-05-28 10:38:17 +01:00