Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
967defee by security tracker role at 2020-08-23T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22834,6 +22834,7 @@ CVE-2020-13873
 CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it 
easier for at ...)
        NOT-FOR-US: Royal TS
 CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in 
select.c bec ...)
+       {DLA-2340-1}
        - sqlite3 3.32.2-2
        [jessie] - sqlite3 <not-affected> (Vulnerable code not present)
        NOTE: New fix: https://www.sqlite.org/src/info/44a58d6cb135a104
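Review bot: the new `{DLA-2340-1}` tag on CVE-2020-13871 sits directly above `[jessie] - sqlite3 <not-affected> (Vulnerable code not present)`, and nothing in the visible entry says which suite the advisory applies to. Since the only per-release line rules jessie out, it is worth confirming that the advisory's own record names the suite and fixed version, because this entry alone does not let a reader tell where the fix landed.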
@@ -23527,6 +23528,7 @@ CVE-2020-13634 (In Windows Master (aka Windows 
Optimization Master) 7.99.13.604,
 CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. 
...)
        NOT-FOR-US: Fork CMS
 CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL 
pointer der ...)
+       {DLA-2340-1}
        - sqlite3 3.32.0-1
        [jessie] - sqlite3 <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
@@ -23538,6 +23540,7 @@ CVE-2020-13631 (SQLite before 3.32.0 allows a virtual 
table to be renamed to the
        NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
        NOTE: https://sqlite.org/src/info/eca0ba2cf4c0fdf7
 CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free 
in fts3Ev ...)
+       {DLA-2340-1}
        - sqlite3 3.32.0-1
        [jessie] - sqlite3 <not-affected> (Vulnerable code not found)
        NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
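Review bot: the jessie annotation under CVE-2020-13630 reads `(Vulnerable code not found)`, while the jessie lines of CVE-2020-13871 and CVE-2020-13632 earlier in this diff say `(Vulnerable code not present)`. If both mean the same triage result, use one wording throughout, since "not found" can be read as an inconclusive search and "not present" as a verified absence, and anyone grepping the list for one phrase will miss the other.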
@@ -23959,7 +23962,7 @@ CVE-2020-13435 (SQLite through 3.32.0 has a 
segmentation fault in sqlite3ExprCod
        NOTE: https://www.sqlite.org/src/info/ad7bb70af9bb68d1
        NOTE: https://www.sqlite.org/src/info/572105de1d44bca4
 CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in 
sqlite3_str_vappendf  ...)
-       {DLA-2221-1}
+       {DLA-2340-1 DLA-2221-1}
        - sqlite3 3.32.1-1
        [buster] - sqlite3 <no-dsa> (Minor issue)
        NOTE: https://www.sqlite.org/src/info/23439ea582241138
@@ -29361,7 +29364,7 @@ CVE-2020-11656 (In SQLite through 3.31.1, the ALTER 
TABLE implementation has a u
        NOTE: https://www.sqlite.org/src/info/b64674919f673602
        NOTE: Negliglible security impact (and uncovered in DEBUG build)
 CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of 
service (s ...)
-       {DLA-2203-1}
+       {DLA-2340-1 DLA-2203-1}
        - sqlite3 3.31.1-5
        [buster] - sqlite3 <no-dsa> (Minor issue)
        NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c
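Review bot: the context line `NOTE: Negliglible security impact (and uncovered in DEBUG build)` at the top of this hunk misspells "Negligible". It belongs to the preceding entry and is untouched by the automatic update, so the fix would go in a separate manual commit.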
@@ -46271,6 +46274,7 @@ CVE-2019-20220 (In Support Incident Tracker (SiT!) 
3.67, the search_id parameter
 CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in 
GifIndexToTrueColor i ...)
        NOT-FOR-US: ngiflib
 CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH 
stack u ...)
+       {DLA-2340-1}
        - sqlite3 3.30.1+fossil191229-1
        [buster] - sqlite3 <no-dsa> (Minor issue)
        [jessie] - sqlite3 <no-dsa> (Minor issue)
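Review bot: CVE-2019-20218 now carries `{DLA-2340-1}` while both visible per-release lines, buster and jessie, still read `<no-dsa> (Minor issue)`. An advisory that ships a fix for the same CVE is a reasonable trigger to re-check that triage, at least for buster, or to leave a NOTE explaining why the issue merits an advisory in one suite and stays no-dsa in another. CVE-2019-16168 in the following hunk shows the same combination.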
@@ -68344,6 +68348,7 @@ CVE-2019-16150 (Use of a hard-coded cryptographic key 
to encrypt security sensit
 CVE-2019-16149
        RESERVED
 CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c 
can cras ...)
+       {DLA-2340-1}
        - sqlite3 3.29.0-2
        [buster] - sqlite3 <no-dsa> (Minor issue)
        [jessie] - sqlite3 <no-dsa> (Minor issue)
@@ -88060,10 +88065,12 @@ CVE-2019-9939 (The SHAREit application before 4.0.36 
for Android allows a remote
 CVE-2019-9938 (The SHAREit application before 4.0.42 for Android allows a 
remote atta ...)
        NOT-FOR-US: SHAREit
 CVE-2019-9937 (In SQLite 3.27.2, interleaving reads and writes in a single 
transactio ...)
+       {DLA-2340-1}
        - sqlite3 3.27.2-2 (low; bug #925290)
        [jessie] - sqlite3 <not-affected> (fts5 introducded later, function not 
available for fts3)
        NOTE: https://sqlite.org/src/info/45c73deb440496e8
 CVE-2019-9936 (In SQLite 3.27.2, running fts5 prefix queries inside a 
transaction cou ...)
+       {DLA-2340-1}
        - sqlite3 3.27.2-2 (low; bug #925289)
        [jessie] - sqlite3 <not-affected> (fts5 introducded later, function not 
available for fts3)
        NOTE: https://sqlite.org/src/info/b3fa58dd7403dbd4
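Review bot: both jessie lines in this hunk, under CVE-2019-9937 and CVE-2019-9936, contain the typo "introducded" in `(fts5 introducded later, function not available for fts3)`. They are context lines rather than part of the automatic change, so a follow-up edit correcting them to "introduced" would keep the not-affected rationale searchable.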
@@ -99891,7 +99898,7 @@ CVE-2019-5828 (Object lifecycle issue in ServiceWorker 
in Google Chrome prior to
        - chromium 75.0.3770.80-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2019-5827 (Integer overflow in SQLite via WebSQL in Google Chrome prior to 
74.0.3 ...)
-       {DSA-4500-1}
+       {DSA-4500-1 DLA-2340-1}
        - chromium 75.0.3770.80-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
        - sqlite3 3.27.2-3
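Review bot: on CVE-2019-5827 the tag becomes `{DSA-4500-1 DLA-2340-1}`, but the entry tracks two source packages (`chromium` and `sqlite3`) and the brace list does not say which advisory covers which package. With `[stretch] - chromium <end-of-life>` sitting right below the tag, a reader could wrongly conclude that one of the listed advisories addressed chromium in stretch; a short NOTE mapping each advisory to its package would remove the ambiguity.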
@@ -106130,7 +106137,7 @@ CVE-2018-20507 (An issue was discovered in GitLab 
Enterprise Edition 11.2.x thro
        - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20506 (SQLite before 3.25.3, when the FTS3 extension is enabled, 
encounters a ...)
-       {DLA-1613-1}
+       {DLA-2340-1 DLA-1613-1}
        - sqlite3 3.25.3-1
        NOTE: https://sqlite.org/src/info/940f2adc8541a838
 CVE-2018-20505 (SQLite 3.25.2, when queries are run on a table with a 
malformed PRIMAR ...)
@@ -107283,7 +107290,7 @@ CVE-2018-20174 (rdesktop versions up to and including 
v1.8.3 contain an Out-Of-B
 CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL 
injection vi ...)
        NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2018-20346 (SQLite before 3.25.3, when the FTS3 extension is enabled, 
encounters a ...)
-       {DSA-4352-1 DLA-1613-1}
+       {DSA-4352-1 DLA-2340-1 DLA-1613-1}
        - sqlite3 3.25.3-1
        - chromium 71.0.3578.80-1
        NOTE: https://blade.tencent.com/magellan/index_en.html
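Review bot: the ordering rule for advisory IDs inside the braces is not stated anywhere near these entries, and on CVE-2018-20346 the new ID lands mid-list in `{DSA-4352-1 DLA-2340-1 DLA-1613-1}`. The other rewritten tags in this commit (`{DLA-2340-1 DLA-2221-1}`, `{DSA-4500-1 DLA-2340-1}`) follow the same DSA-first, newest-DLA-first pattern, so it looks tool-generated. Documenting that order would help hand-edited tags match the generator and avoid one-line churn in later automatic updates.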
@@ -145236,7 +145243,7 @@ CVE-2018-8741 (A directory traversal flaw in 
SquirrelMail 1.4.22 allows an authe
        NOTE: https://sourceforge.net/p/squirrelmail/bugs/2846/
        NOTE: https://sourceforge.net/p/squirrelmail/code/14751/
 CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted 
using a  ...)
-       {DLA-1633-1}
+       {DLA-2340-1 DLA-1633-1}
        - sqlite3 3.22.0-2 (bug #893195)
        [wheezy] - sqlite3 <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/967defee34aab59fa1fddaef1ea9cced5e7d8e83



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
