Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ff8e9ea0 by Salvatore Bonaccorso at 2020-01-11T23:49:18+01:00
Revert "Update status on CVE-2019-19242/sqlite3"
The issue is actually about misshandling pExpr->y.pTab, in
sqlite3ExprCodeTarget in expr.c . Whilst the issue was triggerable in
the 'generated column' case it's not assured that there is no issue
in
previous version.
To play on safe side rather continue to mark it accordingly as affected
where in expr.c in sqlite3ExprCodeTarget pExpr->y.pTab is not checked.
This is at least the case for the 3.30.1-1 version which was in unstable
at some point.
This reverts commit 93af29d7d3c705b331d75466ef48c2f8418c613c.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13323,7 +13323,8 @@ CVE-2019-19244 (sqlite3Select in select.c in SQLite
3.30.1 allows a crash if a s
CVE-2019-19243
RESERVED
CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by
the TK_C ...)
- - sqlite3 <not-affected> (Generated column support added later)
+ - sqlite3 3.30.1+fossil191229-1
+ [jessie] - sqlite3 <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
CVE-2019-19241 (In the Linux kernel before 5.4.2, the io_uring feature leads
to reques ...)
- linux 5.3.15-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff8e9ea0790e20bbd98b31e1b6a57c98eb87619a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff8e9ea0790e20bbd98b31e1b6a57c98eb87619a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
