ALSA-2021:1968

MinGW is a free and open source software development environment to create Microsoft Windows applications.

The following packages have been upgraded to a later upstream version: mingw-sqlite (3.26.0.0). (BZ#1845475)

Security Fix(es):

• sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)

• sqlite: Integer overflow in sqlite3strvappendf function in printf.c (CVE-2020-13434)

• sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)

• sqlite: Virtual table can be renamed into the name of one of its shadow tables (CVE-2020-13631)

• sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query (CVE-2020-13632)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.