A sqlite3 security update has been released for Debian GNU/Linux 8 Extended LTS to address multiple vulnerabilities.
ELA-666-1 sqlite3 security update
Package sqlite3
ELA-666-1 sqlite3 security update
Version 3.8.7.1-1+deb8u7 (jessie)
Related CVEs CVE-2019-16168 CVE-2019-20218
Multiple fixes for vulnerabilities were backported from Debian stretch to Debian jessie. The two fixed vulnerabilities could result in crashes when working with BTree indexes, and in unexpected behaviour after parsing errors in WITH clauses.
Debian 9 stretch is not affected, the changes have been delivered there before.
For Debian 8 jessie, these problems have been fixed in version 3.8.7.1-1+deb8u7.
We recommend that you upgrade your sqlite3 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
