Paride Legovini pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97d3c7f6 by Paride Legovini at 2025-08-18T00:26:20+02:00

lts: CVE-2025-43967/sqlite3: mark as not-affected in bullseye

The CVE mentions 3.39.2 as the first affected version, but I can only be sure the problematic code got introduced in or after 3.39.0. To err on the side of caution I'm mentioning 3.39.0 as the first affected version. The Ubuntu security team reached similar conclusions [1].

[1] https://ubuntu.com/security/CVE-2025-7458#notes

- - - - -

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list ===================================== @@ -5222,6 +5222,7 @@ CVE-2025-7497 (A maliciously crafted PRT file, when parsed through certain Autod NOT-FOR-US: Autodesk CVE-2025-7458 (An integer overflow in the sqlite3KeyInfoFromExprList function in SQLi ...) - sqlite3 3.42.0-1 + [bullseye] - sqlite3 <not-affected> (Vulnerable code introduced in 3.39.0) NOTE: https://sqlite.org/forum/forumpost/16ce2bb7a639e29b NOTE: https://sqlite.org/src/info/12ad822d9b827777 CVE-2025-6730 (The Bonanza \u2013 WooCommerce Free Gifts Lite plugin for WordPress is ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97d3c7f6c4bae72566270ec16eccd0866853c780
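Review bot: the added `[bullseye] - sqlite3 <not-affected> (Vulnerable code introduced in 3.39.0)` line states the introduction point as settled, while the commit message says the code arrived "in or after 3.39.0" and that the CVE text itself names 3.39.2; the entry carries no NOTE recording that discrepancy or pointing at the upstream change that introduced the code. Consider adding a NOTE below the two existing ones that says the CVE description gives 3.39.2 and why 3.39.0 was chosen, with the Ubuntu reference from the commit message, so the triage reasoning lives in data/CVE/list and not only in the commit log. Separately, the subject line names CVE-2025-43967, but the hunk edits the CVE-2025-7458 entry and the cited Ubuntu page is for CVE-2025-7458, so the subject appears to carry the wrong identifier.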
