Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3c555b72 by Tobias Frost at 2023-05-22T11:43:36+02:00 CVE-2021-31239/sqlite is not affecting buster The affected feature, AppendVFS, has been according upstream changelog introduced in sqlite3 version 3.22.0 [1] with commit [2] (Very likely not sqlite at all, but I'm conservative here) [1] https://sqlite.org/releaselog/3_22_0.html [2] https://github.com/sqlite/sqlite/commit/3be8b1a - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -152364,8 +152364,10 @@ CVE-2021-31239 (An issue found in SQLite SQLite3 v.3.35.4 that allows a remote a - sqlite3 3.36.0-2 [bullseye] - sqlite3 <no-dsa> (Minor issue) - sqlite <removed> + [buster] - sqlite <not-affected> (Vulnerable feature introduced later) NOTE: https://www.sqlite.org/forum/forumpost/d9fce1a89b NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/6536c4f18e3dd37084c902f965631ff28248d8c7 (version-3.36.0) + NOTE: Vulnerable feature introduced with: https://github.com/sqlite/sqlite/commit/3be8b1ac at 3.22.0 (https://sqlite.org/releaselog/3_22_0.html) CVE-2021-31238 RESERVED CVE-2021-31237 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c555b72d603b686f8213b6a0fbfd1952a6ee858 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c555b72d603b686f8213b6a0fbfd1952a6ee858 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
