Your message dated Sat, 08 Sep 2007 09:47:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#441233: fixed in sqlite 2.8.17-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: sqlite
Version: 2.8.17-2
Severity: grave
Tags: security
Hi,
A CVE was published for sqlite2:
CVE-2007-1888[0]:
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite
2, as used by PHP 4.x through 5.x and other applications, allows
context-dependent attackers to execute arbitrary code via an empty value of the
in parameter. NOTE: some PHP installations use a bundled version of sqlite
without this vulnerability. The SQLite developer has argued that this issue
could be due to a misuse of the sqlite_decode_binary() API.
I already have a fixed package ready so I am going to 0-day NMU this package to fix
this.
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: sqlite
Source-Version: 2.8.17-3
We believe that the bug you reported is fixed in the latest version of
sqlite, which is due to be installed in the Debian FTP archive:
libsqlite-tcl_2.8.17-3_i386.deb
to pool/main/s/sqlite/libsqlite-tcl_2.8.17-3_i386.deb
libsqlite0-dev_2.8.17-3_i386.deb
to pool/main/s/sqlite/libsqlite0-dev_2.8.17-3_i386.deb
libsqlite0_2.8.17-3_i386.deb
to pool/main/s/sqlite/libsqlite0_2.8.17-3_i386.deb
sqlite-doc_2.8.17-3_all.deb
to pool/main/s/sqlite/sqlite-doc_2.8.17-3_all.deb
sqlite_2.8.17-3.diff.gz
to pool/main/s/sqlite/sqlite_2.8.17-3.diff.gz
sqlite_2.8.17-3.dsc
to pool/main/s/sqlite/sqlite_2.8.17-3.dsc
sqlite_2.8.17-3_i386.deb
to pool/main/s/sqlite/sqlite_2.8.17-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[EMAIL PROTECTED]> (supplier of updated sqlite package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 08 Sep 2007 10:53:33 +0300
Source: sqlite
Binary: libsqlite0-dev libsqlite0 sqlite sqlite-doc libsqlite-tcl
Architecture: source i386 all
Version: 2.8.17-3
Distribution: unstable
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) <[EMAIL PROTECTED]>
Changed-By: Laszlo Boszormenyi (GCS) <[EMAIL PROTECTED]>
Description:
libsqlite-tcl - SQLite TCL bindings
libsqlite0 - SQLite shared library
libsqlite0-dev - SQLite development files
sqlite - command line interface for SQLite
sqlite-doc - SQLite documentation
Closes: 412582 426155 441233
Changes:
sqlite (2.8.17-3) unstable; urgency=medium
.
* Accept Nico's quick security fix related upload (closes: #441233).
* Add Italian and Catalan debconf translations, thanks to Luca Monducci and
Jorda Polo respectively (closes: #426155, #412582).
Files:
d769866d893579ccf58d6dcf6be34b23 741 devel optional sqlite_2.8.17-3.dsc
b9149650d5090d2e089a52fece3f8e0c 224387 devel optional sqlite_2.8.17-3.diff.gz
94388d53712bdad2093c0ccff44b3cb9 154702 doc optional sqlite-doc_2.8.17-3_all.deb
3ebf26a69d677dfaae848265c6b85ea5 20938 misc optional sqlite_2.8.17-3_i386.deb
fb595bd96dae7029e8281f797038dbf1 180796 libs optional libsqlite0_2.8.17-3_i386.deb
8df9f7698f913aeab9d6c92e44a5d490 209066 libdevel optional libsqlite0-dev_2.8.17-3_i386.deb
18c9c82d270c31f58c2e20cf39baea24 13338 interpreters optional libsqlite-tcl_2.8.17-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG4mpxMDatjqUaT90RAn/XAJ4kg+J6fqyusaOUASqumYVges124wCdFmcX
4ywY4UxPvQOJSiZfeT11ly8=
=BTy2
-----END PGP SIGNATURE-----
--- End Message ---