[Secure-testing-team] Bug#783968: sqlite3: CVE-2015-3414 CVE-2015-3415 CVE-2015-3416

Salvatore Bonaccorso carnil at debian.org
Fri May 1 17:51:03 UTC 2015


Source: sqlite3
Version: 3.8.7.4-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for sqlite3.

CVE-2015-3414[0]:
| SQLite before 3.8.9 does not properly implement the dequoting of
| collation-sequence names, which allows context-dependent attackers to
| cause a denial of service (uninitialized memory access and application
| crash) or possibly have unspecified other impact via a crafted COLLATE
| clause, as demonstrated by COLLATE"""""""" at the end of a SELECT
| statement.

CVE-2015-3415[1]:
| The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not
| properly implement comparison operators, which allows
| context-dependent attackers to cause a denial of service (invalid free
| operation) or possibly have unspecified other impact via a crafted
| CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE
| statement.

CVE-2015-3416[2]:
| The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does
| not properly handle precision and width values during floating-point
| conversions, which allows context-dependent attackers to cause a
| denial of service (integer overflow and stack-based buffer overflow)
| or possibly have unspecified other impact via large integers in a
| crafted printf function call in a SELECT statement.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3414
[1] https://security-tracker.debian.org/tracker/CVE-2015-3415
[2] https://security-tracker.debian.org/tracker/CVE-2015-3416

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore


