Debian alert DLA-3907-1 (sqlite3)

From:
             
 
Adrian Bunk <bunk@debian.org>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 3907-1] sqlite3 security update
Date:
             
 
Mon, 30 Sep 2024 23:59:43 +0300
Message-ID:
             
 
<ZvsRPylp8uroDlHn@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3907-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 30, 2024                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : sqlite3
Version        : 3.34.1-3+deb11u1
CVE ID         : CVE-2021-36690 CVE-2023-7104

Two vulnerabilities have been fixed in the SQLite database.

CVE-2021-36690

    Expert extension segfault

CVE-2023-7104

    Session extension buffer overread

For Debian 11 bullseye, these problems have been fixed in version
3.34.1-3+deb11u1.

We recommend that you upgrade your sqlite3 packages.

For the detailed security status of sqlite3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sqlite3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmb7ET8ACgkQiNJCh6LY
mLGfXxAAoVCqilN5vGDVBSCkNO2wjtQYWCex6ElPftu3JXnyWgiytjNexa7VnscL
rKP+v6bXHX2uSvlMIpP+/Vztrq/Qfw7j7pP5ZW7RmdnF3pJBgC4pAi2bmVoD6qU6
dg3f26WZ6NXeGU7KuStYfoshTkoMZZxVczaPL1V4zJbQv3vbDh+8Y/7AcnrgiHkW
zBUzVbO0BVAB9NEXPUSnpnE0vq00c8oQzZYmRB9lGyLyxsuSouqJgfieeWnU7eVu
yxZfefYKW37vw4fhGHWX6B+HTbCj/yh42EmbUgX7xYQAjyvQzxlirqLkQZ0epGts
Rr7Lm3onVPxEmYCPoe28Vkx3YX6AOLgiSQQJ2d6U0oR08P2IS2iedW+v45PHU8XX
nAKFX5zSsHKGCS2QCSFwnOty0KA9dzR0M13lK9e2BpantNf0tSRXSAFq0giO4J5T
+ZPG6KsNtdd0OlaXiCv+IBqpsF2c4e/LNbbrEKcPz9Y9XxncNGz/CE8XNsg1IP93
Cw7u8ZjXOEjTTRM+HBRPGVhmnUpU2qztOtq9NVTYvZzBLD1xdwCRxqdB3ltIkBiM
mRCVpHZYlFrHso4Z9BDEzba87T52D5DnhxIfr3wbHT82BQSDGiA/XIM8vHo5dlEc
Cmo1rcnL6gHiUxaMmuwVG3FKhmL7W1Z/Ox3YXWiMGcEDb/kjsZs=
=HIY/
-----END PGP SIGNATURE-----