{"affected":[{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.8.3.1-2.12.1","libsqlite3-0-32bit":"3.8.3.1-2.12.1","sqlite3":"3.8.3.1-2.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"sqlite3","purl":"pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.3.1-2.12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for sqlite3 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976).\n- CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790).\n- CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045).\n","id":"SUSE-SU-2019:1522-1","modified":"2019-06-17T15:28:32Z","published":"2019-06-17T15:28:32Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20191522-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1085790"},{"type":"REPORT","url":"https://bugzilla.suse.com/1132045"},{"type":"REPORT","url":"https://bugzilla.suse.com/1136976"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10989"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8740"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-8457"}],"related":["CVE-2017-10989","CVE-2018-8740","CVE-2019-8457"],"summary":"Security update for sqlite3","upstream":["CVE-2017-10989","CVE-2018-8740","CVE-2019-8457"]}