Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2de2ae71 by Salvatore Bonaccorso at 2020-04-13T11:37:13+02:00
Add CVE-2020-11655/sqlite

For stretch I have opted to be on the safe side and marked it as no-dsa. The issue might have only been introduced when introducing the window function, but this is not completely clear if it is just uncovered since then. The affected and patched functions are present before but the issue might have been introduced after that. Still do not want to mark something as not-affected wrongly and play safe here.

Before upstream https://www3.sqlite.org/cgi/src/info/712e47714863a8ed the issue triggers an assert instead of a segfault but it is "just covered" by the first reached assert.

- - - - -

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list ===================================== @@ -166,7 +166,12 @@ CVE-2020-11657 CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...) TODO: check CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...) - TODO: check + - sqlite3 <unfixed> + [buster] - sqlite3 <no-dsa> (Minor issue) + [stretch] - sqlite3 <no-dsa> (Minor issue) + NOTE: https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c + NOTE: Issue covered before: https://www3.sqlite.org/cgi/src/info/712e47714863a8ed + NOTE: Fixed by: https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11 CVE-2020-11654 RESERVED CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2de2ae719afd69f568ba6be9b792fe5eba08a9f3
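
Review bot: The `[stretch] - sqlite3 <no-dsa> (Minor issue)` entry added under CVE-2020-11655 does not record that stretch's affected status is unconfirmed, which the commit message gives as the reason for choosing no-dsa over not-affected. Consider a NOTE under that entry saying it is unclear whether the flaw predates the window function support, so that whoever revisits the entry does not read it as a settled triage decision. The `NOTE: Issue covered before:` line would also be clearer if it stated, as the commit message does, that before that upstream change the issue hits an assert instead of a segfault.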
