An out of bounds read flaw was found in the SQLite component of the Chromium browser.
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1782013]
Affects: fedora-all [bug 1782012]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:4238 https://access.redhat.com/errata/RHSA-2019:4238
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
While the chromium bug is not public yet, its id leads us to this:
which further leads us to upstream commit:
There is no released sqlite version with the fix yet.
This is related to CVE-2019-13752. The only difference being that CVE-2019-13752 is related to fts3NodeAddTerm, while this CVE is related to fts3IncrmergePush. The patch described in comment #5 needs to be applied after the CVE-2019-13752 patch.
Created mingw-sqlite tracking bugs for this issue:
Affects: epel-all [bug 1786533]
Affects: fedora-all [bug 1786532]
Created sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1786531]