[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-20218 CVE-2019-19645 CVE-2019-19603 as no-dsa for Jessie

Mon, 27 Jan 2020 01:50:18 -0800 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
259e05d1 by Thorsten Alteholz at 2020-01-27T10:49:20+01:00
mark CVE-2019-20218 CVE-2019-19645 CVE-2019-19603 as no-dsa for Jessie

- - - - -
ee086ecf by Thorsten Alteholz at 2020-01-27T10:49:20+01:00
all CVEs for sqlite3 marked as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6300,6 +6300,7 @@ CVE-2019-20218 (selectExpander in select.c in SQLite 
3.30.1 proceeds with WITH s
        - sqlite3 3.30.1+fossil191229-1
        [buster] - sqlite3 <no-dsa> (Minor issue)
        [stretch] - sqlite3 <no-dsa> (Minor issue)
+       [jessie] - sqlite3 <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
 CVE-2019-20217
        RESERVED
@@ -13287,6 +13288,7 @@ CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows 
attackers to trigger inf
        - sqlite3 3.30.1+fossil191229-1 (bug #946612)
        [buster] - sqlite3 <no-dsa> (Minor issue)
        [stretch] - sqlite3 <no-dsa> (Minor issue)
+       [jessie] - sqlite3 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
 CVE-2019-19644
        RESERVED
@@ -13417,6 +13419,7 @@ CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT 
statements with a nonexi
        - sqlite3 3.30.1+fossil191229-1
        [buster] - sqlite3 <no-dsa> (Minor issue)
        [stretch] - sqlite3 <no-dsa> (Minor issue)
+       [jessie] - sqlite3 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
 CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l 
because of ...)
        - texlive-bin <unfixed> (unimportant; bug #949630)


=====================================
data/dla-needed.txt
=====================================
@@ -114,10 +114,6 @@ slurm-llnl
   NOTE: 20191125: up for testing 
https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc
   NOTE: Regression found. (abhijith)
 --
-sqlite3 (Thorsten Alteholz)
-  NOTE: 20191212: look at no-dsa as well
-  NOTE: 20200126: WIP
---
 squid3
   NOTE: 20191210: CVE-2019-12523 and CVE-2019-18676 Requires new API SBuf.
   NOTE: 20200116: Researched other distros to see if any had backported the 
fixes.  No luck.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/564c8456ed5a28be9b333a2f3b03062e750b537c...ee086ecf306074d40a50ae749b8549a900ddb866

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/564c8456ed5a28be9b333a2f3b03062e750b537c...ee086ecf306074d40a50ae749b8549a900ddb866
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to