QID 751168

This update for sqlite3 fixes the following issues: sqlite3 is sync version 3.36.0 from factory (jsc#sle-16032).
the following cves have been fixed in upstream releases up to this point, but were not mentioned in the change log so far: * bsc#1173641, cve-2020-15358: heap-based buffer overflow in multiselectorderby due to mishandling of query-flattener optimization * bsc#1164719, cve-2020-9327: null pointer dereference and segmentation fault because of generated column optimizations in isauxiliaryvtaboperator * bsc#1160439, cve-2019-20218: selectexpander in select.c proceeds with with stack unwinding even after a parsing error * bsc#1160438, cve-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded \0 input * bsc#1160309, cve-2019-19923: improper handling of certain uses of select distinct in flattensubquery may lead to null pointer dereference * bsc#1159850, cve-2019-19924: improper error handling in sqlite3windowrewrite() * bsc#1159847, cve-2019-19925: improper handling of null pathname during an update of a zip archive * bsc#1159715, cve-2019-19926: improper handling of certain errors during parsing multiselect in select.c * bsc#1159491, cve-2019-19880: exprlistappendlist in window.c allows attackers to trigger an invalid pointer dereference * bsc#1158960, cve-2019-19603: during handling of create table and create view statements, does not consider confusion with a shadow table name * bsc#1158959, cve-2019-19646: pragma.c mishandles not null in an integrity_check pragma command in certain cases of generated columns * bsc#1158958, cve-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with alter table statements * bsc#1158812, cve-2019-19317: lookupname in resolve.c omits bits from the colused bitmask in the case of a generated column, which allows attackers to cause a denial of service * bsc#1157818, cve-2019-19244: sqlite3,sqlite2,sqlite: the function sqlite3select in select.c allows a crash if a sub-select uses both distinct and window functions, and also has certain order by usage * bsc#928701, cve-2015-3415: sqlite3vdbeexec comparison operator vulnerability * bsc#928700, cve-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names * cve-2020-13434 bsc#1172115: integer overflow in sqlite3_str_vappendf * cve-2020-13630 bsc#1172234: use-after-free in fts3evalnextrow * cve-2020-13631 bsc#1172236: virtual table allowed to be renamed to one of its shadow tables * cve-2020-13632 bsc#1172240: null pointer dereference via crafted matchinfo() query * cve-2020-13435: malicious sql statements could have crashed the process that is running sqlite (bsc#1172091)

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Successful exploitation allows attacker to compromise the system.