ALSA-2021:1968

Source
https://errata.almalinux.org/8/ALSA-2021-1968.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:1968.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2021:1968
Related
Published
2021-05-18T06:30:39Z
Modified
2021-08-11T08:54:00Z
Summary
Moderate: mingw packages security and bug fix update
Details

MinGW is a free and open source software development environment to create Microsoft Windows applications.

The following packages have been upgraded to a later upstream version: mingw-sqlite (3.26.0.0). (BZ#1845475)

Security Fix(es):

  • sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)

  • sqlite: Integer overflow in sqlite3strvappendf function in printf.c (CVE-2020-13434)

  • sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)

  • sqlite: Virtual table can be renamed into the name of one of its shadow tables (CVE-2020-13631)

  • sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query (CVE-2020-13632)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:8 / mingw-binutils-generic

Package

Name
mingw-binutils-generic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.30-3.el8

AlmaLinux:8 / mingw-filesystem-base

Package

Name
mingw-filesystem-base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
104-2.el8

AlmaLinux:8 / mingw32-binutils

Package

Name
mingw32-binutils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.30-3.el8

AlmaLinux:8 / mingw32-bzip2

Package

Name
mingw32-bzip2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.6-14.el8

AlmaLinux:8 / mingw32-bzip2-static

Package

Name
mingw32-bzip2-static

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.6-14.el8

AlmaLinux:8 / mingw32-filesystem

Package

Name
mingw32-filesystem

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
104-2.el8

AlmaLinux:8 / mingw32-sqlite

Package

Name
mingw32-sqlite

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.26.0.0-1.el8

AlmaLinux:8 / mingw32-sqlite-static

Package

Name
mingw32-sqlite-static

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.26.0.0-1.el8

AlmaLinux:8 / mingw64-binutils

Package

Name
mingw64-binutils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.30-3.el8

AlmaLinux:8 / mingw64-bzip2

Package

Name
mingw64-bzip2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.6-14.el8

AlmaLinux:8 / mingw64-bzip2-static

Package

Name
mingw64-bzip2-static

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.6-14.el8

AlmaLinux:8 / mingw64-filesystem

Package

Name
mingw64-filesystem

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
104-2.el8

AlmaLinux:8 / mingw64-sqlite

Package

Name
mingw64-sqlite

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.26.0.0-1.el8

AlmaLinux:8 / mingw64-sqlite-static

Package

Name
mingw64-sqlite-static

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.26.0.0-1.el8