Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cbcada12 by Tobias Frost at 2023-05-14T08:56:03+02:00
add note to CVE-2020-13434/CVE-2015-3416 (sqlite) with additional
information why this is not affecting sqlite2.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -226233,6 +226233,7 @@ CVE-2020-13434 (SQLite through 3.32.0 has an integer 
overflow in sqlite3_str_vap
        NOTE: https://www.sqlite.org/src/info/23439ea582241138
        NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
        NOTE: 
https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
+       NOTE: floating point precision limit safeguards are present in sqlite 
(V2), refactoring in V3 made it vulnerable.
 CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the 
editPlayer.php h ...)
        NOT-FOR-US: Jason2605 AdminPanel
 CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when 
virtual file ...)
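Review bot: The added NOTE for CVE-2020-13434 asserts that the floating point precision safeguard exists in sqlite (V2) but gives no pointer for verifying it, while every neighbouring NOTE in this entry is a URL to the upstream check-in. Consider naming the sqlite 2 source file and function where the limit is enforced, and the V3 check-in or version in which the refactoring removed it, so a later triager can confirm the not-affected reasoning without redoing the analysis.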
@@ -471942,6 +471943,7 @@ CVE-2015-3416 (The sqlite3VXPrintf function in 
printf.c in SQLite before 3.8.9 d
        NOTE: http://www.sqlite.org/src/info/c494171f77dc2e5e
        NOTE: http://seclists.org/bugtraq/2015/Apr/97
        NOTE: https://lists.debian.org/debian-lts/2015/06/msg00031.html
+       NOTE: width/precision limit safeguards are present in sqlite (V2), 
refactoring in V3 made it vulnerable.
 CVE-2015-3415 (The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 
does not ...)
        {DSA-3252-1}
        - sqlite3 3.8.9-1 (bug #783968)
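Review bot: In the added NOTE for CVE-2015-3416, "sqlite (V2)" and "V3" are easy to misread next to package lines such as "- sqlite3 3.8.9-1" in the following entry, because it is not obvious that "sqlite" refers to the separate 2.x source package and not to upstream SQLite in general. Suggest wording it so the package is unambiguous (for example "the sqlite source package (SQLite 2.x)"), and, if the entry does not already carry one outside the visible context, recording the conclusion as a not-affected package line and not only as free text, so the tracker status reflects it.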



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbcada128cbf8ff06fb564e46dc3396761796c35
