Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-19926

Published: 23 December 2019

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
sqlite3
Launchpad, Ubuntu, Debian 		bionic
Released (3.22.0-1ubuntu0.3)
disco Ignored
(reached end-of-life)
eoan
Released (3.29.0-2ubuntu0.2)
focal Not vulnerable
(3.31.1-1ubuntu1)
groovy Not vulnerable
(3.31.1-1ubuntu1)
hirsute Not vulnerable
(3.31.1-1ubuntu1)
precise Ignored
(end of ESM support, was needs-triage)
trusty
Released (3.8.2-1ubuntu2.2+esm2)
upstream Needs triage

xenial
Released (3.11.0-1ubuntu1.4)
Patches:
upstream: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading