CVE-2020-13631
Published: 27 May 2020
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Priority
Low
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
sqlite Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
| eoan |
Ignored
|
|
| focal |
Ignored
|
|
| precise |
Does not exist
|
|
| trusty |
Ignored
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
|
|
|
sqlite3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
| eoan |
Released
(3.29.0-2ubuntu0.3)
|
|
| focal |
Released
(3.31.1-4ubuntu0.1)
|
|
| precise |
Ignored
|
|
| trusty |
Ignored
|
|
| upstream |
Released
(3.32.0-1)
|
|
| xenial |
Ignored
|
Notes
| Author | Note |
|---|---|
| mdeslaur | The code changes required to backport the fix for this issue to older versions of SQLite shipped in Ubuntu stable releases is subtantial and may introduce regressions. Due to the low severity of this issue, we will not be releasing a fix for Ubuntu 18.04 LTS and earlier. Marking as ignored. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631
- https://ubuntu.com/security/notices/USN-4394-1
- NVD
- Launchpad
- Debian