Roberto C. Sánchez pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1796ddef by Roberto C. Sánchez at 2020-08-22T18:30:05-04:00
LTS: update issues which are to be fixed in stretch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23962,7 +23962,6 @@ CVE-2020-13434 (SQLite through 3.32.0 has an integer
overflow in sqlite3_str_vap
{DLA-2221-1}
- sqlite3 3.32.1-1
[buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://www.sqlite.org/src/info/23439ea582241138
NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the
editPlayer.php h ...)
@@ -29365,7 +29364,6 @@ CVE-2020-11655 (SQLite through 3.31.1 allows attackers
to cause a denial of serv
{DLA-2203-1}
- sqlite3 3.31.1-5
[buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c
NOTE: Issue covered before:
https://www.sqlite.org/cgi/src/info/712e47714863a8ed
NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
@@ -46274,7 +46272,6 @@ CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer
over-read in GifIndexToTrueC
CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH
stack u ...)
- sqlite3 3.30.1+fossil191229-1
[buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote
attackers ...)
@@ -68344,7 +68341,6 @@ CVE-2019-16149
CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c
can cras ...)
- sqlite3 3.29.0-2
[buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE:
https://www.mail-archive.com/[email protected]/msg116312.html
NOTE:
https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
@@ -88059,12 +88055,10 @@ CVE-2019-9938 (The SHAREit application before 4.0.42
for Android allows a remote
NOT-FOR-US: SHAREit
CVE-2019-9937 (In SQLite 3.27.2, interleaving reads and writes in a single
transactio ...)
- sqlite3 3.27.2-2 (low; bug #925290)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
[jessie] - sqlite3 <not-affected> (fts5 introducded later, function not
available for fts3)
NOTE: https://sqlite.org/src/info/45c73deb440496e8
CVE-2019-9936 (In SQLite 3.27.2, running fts5 prefix queries inside a
transaction cou ...)
- sqlite3 3.27.2-2 (low; bug #925289)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
[jessie] - sqlite3 <not-affected> (fts5 introducded later, function not
available for fts3)
NOTE: https://sqlite.org/src/info/b3fa58dd7403dbd4
CVE-2019-9935 (Various Lexmark products have Incorrect Access Control (issue 2
of 2). ...)
@@ -99895,7 +99889,6 @@ CVE-2019-5827 (Integer overflow in SQLite via WebSQL in
Google Chrome prior to 7
- chromium 75.0.3770.80-1
[stretch] - chromium <end-of-life> (see DSA 4562)
- sqlite3 3.27.2-3
- [stretch] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in
chromium)
[jessie] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in
chromium)
NOTE: https://www.sqlite.org/src/info/07ee06fd390bfebe
NOTE: https://www.sqlite.org/src/info/0b6ae032c28e7fe3
@@ -106133,7 +106126,6 @@ CVE-2018-20507 (An issue was discovered in GitLab
Enterprise Edition 11.2.x thro
CVE-2018-20506 (SQLite before 3.25.3, when the FTS3 extension is enabled,
encounters a ...)
{DLA-1613-1}
- sqlite3 3.25.3-1
- [stretch] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://sqlite.org/src/info/940f2adc8541a838
CVE-2018-20505 (SQLite 3.25.2, when queries are run on a table with a
malformed PRIMAR ...)
- sqlite3 3.25.3-1
@@ -107287,7 +107279,6 @@ CVE-2018-20173 (Zoho ManageEngine OpManager 12.3
before 123238 allows SQL inject
CVE-2018-20346 (SQLite before 3.25.3, when the FTS3 extension is enabled,
encounters a ...)
{DSA-4352-1 DLA-1613-1}
- sqlite3 3.25.3-1
- [stretch] - sqlite3 <no-dsa> (Minor issue)
- chromium 71.0.3578.80-1
NOTE: https://blade.tencent.com/magellan/index_en.html
NOTE: RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1659379
@@ -145240,7 +145231,6 @@ CVE-2018-8741 (A directory traversal flaw in
SquirrelMail 1.4.22 allows an authe
CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted
using a ...)
{DLA-1633-1}
- sqlite3 3.22.0-2 (bug #893195)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
[wheezy] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
NOTE:
https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1796ddef17558c752bc2847436b30ee18495a15c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1796ddef17558c752bc2847436b30ee18495a15c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
