Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
75f51891 by Moritz Muehlenhoff at 2020-10-01T23:18:17+02:00
one sqlite3 issue n/a for buster
add more git mirror commit refs for sqlite3 in addition to the crude fossil links
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33946,6 +33946,9 @@ CVE-2020-11655 (SQLite through 3.31.1 allows attackers
to cause a denial of serv
NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c
NOTE: Issue covered before:
https://www.sqlite.org/cgi/src/info/712e47714863a8ed
NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
+ NOTE:
https://github.com/sqlite/sqlite/commit/3251a2031bfd29f338a5fda1a08c18878296d354
+ NOTE:
https://github.com/sqlite/sqlite/commit/c415d91007e1680e4eb17def583b202c3c83c718
+ NOTE:
https://github.com/sqlite/sqlite/commit/4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae
CVE-2020-11654
RESERVED
CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS,
6.1.x and 6 ...)
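Review bot: The three NOTE lines added under CVE-2020-11655 are bare URLs, while the lines just above them state what each link is ("Issue covered before:", "Fixed by:"). Label the mirror commits the same way, for example "NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/...", so a reader can tell which of the three, if any, corresponds to fossil check-in 4a302b42c7bf5e11 and which belong to the earlier coverage in 712e47714863a8ed.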
@@ -39232,9 +39235,8 @@ CVE-2020-9796
CVE-2020-9795 (A use after free issue was addressed with improved memory
management. ...)
NOT-FOR-US: Apple
CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- - sqlite3 <undetermined>
- NOTE: https://vuldb.com/?id.155768
- NOTE: As usual Apple advisories are too unspecific
+ NOT-FOR-US: sqlite3 as used by Apple
+ NOTE: No details available due to typical Apple intransparency
CVE-2020-9793 (A memory corruption issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
CVE-2020-9792 (A validation issue was addressed with improved input
sanitization. Thi ...)
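Review bot: Marking CVE-2020-9794 as NOT-FOR-US removes the "- sqlite3 <undetermined>" line, so the entry is no longer associated with the sqlite3 package, and the only external reference ("NOTE: https://vuldb.com/?id.155768") is deleted with it. If the goal is to stop tracking until details appear, consider keeping the vuldb NOTE below the new NOT-FOR-US line so the entry can be re-triaged later without having to find that reference again.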
@@ -40418,6 +40420,8 @@ CVE-2020-9327 (In SQLite 3.31.1,
isAuxiliaryVtabOperator allows attackers to tri
NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
+ NOTE:
https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
+ NOTE:
https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21
CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM;
former ...)
NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac
CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary
File Downl ...)
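Review bot: Two mirror commits are added under CVE-2020-9327, but the entry lists three fossil check-ins above them (4374860b29383380, 9d0d4ab95dc0c56e, abc473fb8fb99900). Either add the third git commit or note which fossil check-in has no counterpart, so the two sets of references can be compared one to one.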
@@ -61303,7 +61307,7 @@ CVE-2019-19243
RESERVED
CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by
the TK_C ...)
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <not-affected> (Vulnerable code not present)
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
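Review bot: The new "[buster] - sqlite3 <not-affected> (Vulnerable code not present)" status for CVE-2019-19242 has no supporting reference in the entry. The stretch line says "Vulnerable code introduced later", which implies a known introducing change. Adding a "NOTE: Introduced by: ..." line, as the CVE-2019-16168 entry does, would let others check the buster status against the packaged version.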
@@ -73073,6 +73077,7 @@ CVE-2019-16168 (In SQLite through 3.29.0,
whereLoopAddBtreeIndex in sqlite3.c ca
NOTE:
https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6
NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0
+ NOTE:
https://github.com/sqlite/sqlite/commit/725dd72400872da94dcfb6af48128905b93d57fe
CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
NOT-FOR-US: Sakai
CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal
article titl ...)
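Review bot: The GitHub NOTE added under CVE-2019-16168 sits directly after "NOTE: Introduced by: ..." and carries no label, so it reads as a second reference for the introducing change. If it mirrors the fix d93508fc9913cfe6, write it as "NOTE: Fixed by: ..." and place it next to that line.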
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75f51891dccb4590375a8b964baacb863788c204