Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a8b78f31 by Salvatore Bonaccorso at 2023-05-22T21:07:15+02:00
Update information for CVE-2021-31239/sqlite
The referenced URL leads to a 404, isolate the commit and use the full
commit hash. As the feature was intorduced only in the 3.22.0 version,
mark the whole sqlite entry as not-affected, as sqlite was in version
2.8.17-15 latest in unstable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -152393,11 +152393,10 @@ CVE-2021-31239 (An issue found in SQLite SQLite3
v.3.35.4 that allows a remote a
- sqlite3 3.36.0-2
[bullseye] - sqlite3 <no-dsa> (Minor issue)
[buster] - sqlite3 <no-dsa> (Minor issue)
- - sqlite <removed>
- [buster] - sqlite <not-affected> (Vulnerable feature introduced later)
+ - sqlite <not-affected> (Vulnerable code not present)
NOTE: https://www.sqlite.org/forum/forumpost/d9fce1a89b
NOTE: Fixed by:
https://github.com/sqlite/sqlite/commit/6536c4f18e3dd37084c902f965631ff28248d8c7
(version-3.36.0)
- NOTE: Vulnerable feature introduced with:
https://github.com/sqlite/sqlite/commit/3be8b1ac at 3.22.0
(https://sqlite.org/releaselog/3_22_0.html)
+ NOTE: Vulnerable feature introduced with:
https://github.com/sqlite/sqlite/commit/3be8b1a4f7848c1d67324893f4ac9cace8c06eb0
(version-3.22.0, https://sqlite.org/releaselog/3_22_0.html)
CVE-2021-31238
RESERVED
CVE-2021-31237
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8b78f311d2c6bd9ddccef446a87d1522967b813
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8b78f311d2c6bd9ddccef446a87d1522967b813
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
