Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
da349a18 by Salvatore Bonaccorso at 2019-12-29T22:02:38Z
Track fixed version for sqlite3 issues via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -325,17 +325,17 @@ CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1
mishandles certain erro
- sqlite3 <not-affected> (Incomplete fix for CVE-2019-19880 not applied)
NOTE:
https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1
mishandles a NULL ...)
- - sqlite3 <unfixed>
+ - sqlite3 3.30.1+fossil191229-1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618
CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting,
related to exp ...)
- - sqlite3 <unfixed>
+ - sqlite3 3.30.1+fossil191229-1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3
CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles
certain uses o ...)
- - sqlite3 <unfixed>
+ - sqlite3 3.30.1+fossil191229-1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35
@@ -676,7 +676,7 @@ CVE-2019-19882 (shadow 4.8, in certain circumstances
affecting at least Gentoo,
CVE-2019-19881
RESERVED
CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows
attackers to tr ...)
- - sqlite3 <unfixed>
+ - sqlite3 3.30.1+fossil191229-1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
@@ -3948,7 +3948,7 @@ CVE-2019-19646 (pragma.c in SQLite through 3.30.1
mishandles NOT NULL in an inte
NOTE:
https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3
NOTE:
https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger
infinite ...)
- - sqlite3 <unfixed> (bug #946612)
+ - sqlite3 3.30.1+fossil191229-1 (bug #946612)
NOTE:
https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
CVE-2019-19644
RESERVED
@@ -4077,7 +4077,7 @@ CVE-2019-19604 (Arbitrary command execution is possible
in Git before 2.20.2, 2.
NOTE:
https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a
nonexistent ...)
- - sqlite3 <unfixed>
+ - sqlite3 3.30.1+fossil191229-1
NOTE:
https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l
because of ...)
- texlive-bin <undetermined>
@@ -6602,14 +6602,14 @@ CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP
7.3.x and other products
CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows
Pre-Authentication S ...)
NOT-FOR-US: NAPC Xinet Elegant 6 Asset Library
CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a
sub-sel ...)
- - sqlite3 <unfixed> (bug #946656)
+ - sqlite3 3.30.1+fossil191229-1 (bug #946656)
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code, i.e. window
functions, not present)
NOTE:
https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348
CVE-2019-19243
RESERVED
CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by
the TK_C ...)
- - sqlite3 <unfixed>
+ - sqlite3 3.30.1+fossil191229-1
[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
CVE-2019-19241 (In the Linux kernel before 5.4.2, the io_uring feature leads
to reques ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/da349a18552cb8375c4dd56250d9cc2f5a922249
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/da349a18552cb8375c4dd56250d9cc2f5a922249
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
