[3.7] sqlite: NULL Pointer Dereference (CVE-2018-8740) (#8682) · Issues · alpine / aports

[3.7] sqlite: NULL Pointer Dereference (CVE-2018-8740)

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement
could cause a NULL pointer dereference, related to build.c and prepare.c.

References:

http://openwall.com/lists/oss-security/2018/03/17/1
https://nvd.nist.gov/vuln/detail/CVE-2018-8740

Patch:

https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b

(from redmine: issue id 8682, created on 2018-03-19, closed on 2018-07-30)

Relations:
- copied_to #8680 (closed)
- parent #8680 (closed)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information