RLSA-2021:1968

Details

MinGW is a free and open source software development environment to create Microsoft Windows applications.

The following packages have been upgraded to a later upstream version: mingw-sqlite (3.26.0.0). (BZ#1845475)

Security Fix(es):

sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)
sqlite: Integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)
sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)
sqlite: Virtual table can be renamed into the name of one of its shadow tables (CVE-2020-13631)
sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query (CVE-2020-13632)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.

Affected Packages

Rocky Linux:8mingw-binutils

Fixed in:

0:2.30-3.el8

Rocky Linux:8mingw-bzip2

Fixed in:

0:1.0.6-14.el8

Rocky Linux:8mingw-sqlite

Fixed in:

0:3.26.0.0-1.el8

References

REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=1768986 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=1841223 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=1841562 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=1841568 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=1841574 ADVISORYhttps://errata.rockylinux.org/RLSA-2021:1968

RLSA-2021:1968

Details

Affected Packages

References

CVSS Analysis

Upstream

Ecosystems

Credits

Timeline