Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
99b1a3ce by Emilio Pozuelo Monfort at 2019-08-13T09:29:18Z
dla: triage sqlite as no-dsa
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -19329,6 +19329,7 @@ CVE-2019-8458 (Check Point Endpoint Security Client for
Windows, with Anti-Malwa
CVE-2019-8457 (SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to
heap out-o ...)
- sqlite3 3.27.2-3 (bug #929775)
[stretch] - sqlite3 <no-dsa> (Minor issue; can be fixed via point
release)
+ [jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: Fixed by: https://www.sqlite.org/src/info/90acdbfce9c08858
NOTE: Make the internal dynamic string interface available to
extensions:
NOTE: https://sqlite.org/src/info/87f261f0cb800b06
@@ -25864,6 +25865,7 @@ CVE-2019-5827 (Integer overflow in SQLite via WebSQL in
Google Chrome prior to 7
- chromium 75.0.3770.80-1
- sqlite3 3.27.2-3
[stretch] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in
chromium)
+ [jessie] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in
chromium)
NOTE: https://www.sqlite.org/src/info/07ee06fd390bfebe
NOTE: https://www.sqlite.org/src/info/0b6ae032c28e7fe3
CVE-2019-5826
=====================================
data/dla-needed.txt
=====================================
@@ -115,17 +115,6 @@ slurm-llnl
sox
NOTE: 20190721: no patch available (hle)
--
-sqlite3
- NOTE: CVE-2019-8457: Should be ignored, based on the discussion on
debian-lts:
- NOTE: CVE-2019-8457:
https://lists.debian.org/debian-lts/2019/06/msg00013.html (mejo, 2019-06-13)
- NOTE: CVE-2019-5827: No public information about the actual vulnerability
available yet. The
- NOTE: CVE-2019-5827: patches from sqlite3 3.27.2-3 suggest that it's related
to switching to
- NOTE: CVE-2019-5827: 64-bit memory allocators. There's been quite some
changes related to this
- NOTE: CVE-2019-5827: migration between the Jessie version and 3.27.2-3 (from
unstable). We might
- NOTE: CVE-2019-5827: have to look into them as well. (mejo, 2019-06-17)
- NOTE: 20190617: A preliminary package with *just* the (presumably)
CVE-2019-5827 patches backported:
- NOTE: 20190617:
https://people.debian.org/~mejo/debian/jessie-security/sqlite3_3.8.7.1-1+deb8u5.dsc
---
subversion
NOTE: 20190804: For (at least) CVE-2018-11782 the svn_err_trace that is in
the diff has not been added yet. (lamby)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/99b1a3cec773eebdfa1a7bda484db7091a482cf7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/99b1a3cec773eebdfa1a7bda484db7091a482cf7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
