[Git][security-tracker-team/security-tracker][master] Correct version for gthumb (missing epoch)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b1a81524 by Salvatore Bonaccorso at 2020-01-13T06:35:05+01:00 Correct version for gthumb (missing epoch) - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,6 +1,6 @@ [13 Jan 2020] DLA-2066-1 gthumb - security update {CVE-2019-20326} - [jessie] - gthumb 3.3.1-2.1+deb8u2 + [jessie] - gthumb 3:3.3.1-2.1+deb8u2 [12 Jan 2020] DLA-2065-1 apache-log4j1.2 - security update {CVE-2019-17571} [jessie] - apache-log4j1.2 1.2.17-5+deb8u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1a81524e6b07babf0497679649cdf4c0c89b112 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1a81524e6b07babf0497679649cdf4c0c89b112 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Sync status for CVE-2019-19447/linux with kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d433a0e4 by Salvatore Bonaccorso at 2020-01-13T06:30:10+01:00 Sync status for CVE-2019-19447/linux with kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12613,8 +12613,9 @@ CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs - linux NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448 CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, ...) - - linux + - linux 5.4.6-1 NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447 + NOTE: https://git.kernel.org/linus/c7df4a1ecb8579838ec8c56b2bb6a6716e974f37 CVE-2019-19446 RESERVED CVE-2019-19445 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d433a0e49f25982b673dae641e046ca59e1721e8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d433a0e49f25982b673dae641e046ca59e1721e8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2066-1 for gthumb
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b92aa02 by Abhijith PA at 2020-01-13T10:05:40+05:30 Reserve DLA-2066-1 for gthumb - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[13 Jan 2020] DLA-2066-1 gthumb - security update + {CVE-2019-20326} + [jessie] - gthumb 3.3.1-2.1+deb8u2 [12 Jan 2020] DLA-2065-1 apache-log4j1.2 - security update {CVE-2019-17571} [jessie] - apache-log4j1.2 1.2.17-5+deb8u1 = data/dla-needed.txt = @@ -28,8 +28,6 @@ gpac -- graphicsmagick (Thorsten Alteholz) -- -gthumb (Abhijith PA) --- ibus NOTE: 20191210: Requires glib2.0 to be patched also. NOTE: 20191210: See https://bugs.debian.org/941018 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b92aa0266fa8771315de6cdc32c6ce7d6ee0fd3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b92aa0266fa8771315de6cdc32c6ce7d6ee0fd3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 7daee453 by Thorsten Alteholz at 2020-01-12T22:22:19+01:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -109,7 +109,7 @@ slurm-llnl -- sqlite3 (Thorsten Alteholz) NOTE: 20191212: look at no-dsa as well - NOTE: 20191230: WIP + NOTE: 20200112: WIP -- squid3 (Roberto C. Sánchez) NOTE: 20191210: Requires new API SBuf. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7daee45309d6d37141ed00cabfc3f4ec2677f61f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7daee45309d6d37141ed00cabfc3f4ec2677f61f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 4 commits: Update status for CVE-2019-19927/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c711a65c by Salvatore Bonaccorso at 2020-01-12T21:21:18+01:00 Update status for CVE-2019-19927/linux - - - - - 65325a2f by Salvatore Bonaccorso at 2020-01-12T21:21:51+01:00 Update status for CVE-2019-19815/linux - - - - - 1ebba4f8 by Salvatore Bonaccorso at 2020-01-12T21:22:06+01:00 Update status for CVE-2019-5108/linux - - - - - b16d3844 by Salvatore Bonaccorso at 2020-01-12T21:22:43+01:00 Merge remote-tracking branch origin/master - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7019,8 +7019,7 @@ CVE-2019-19929 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleane CVE-2019-19928 RESERVED CVE-2019-19927 (In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on k ...) - - linux - TODO: check in kernel-sec + - linux 5.2.6-1 CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...) - sqlite3 (Incomplete fix for CVE-2019-19880 not applied) NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 @@ -7995,7 +7994,7 @@ CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12. CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...) - linux CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...) - - linux + - linux 5.3.7-1 CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...) - linux CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...) @@ -57464,8 +57463,9 @@ CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the authentica CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the authenticated ...) NOT-FOR-US: Forma LMS CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the Linux ker ...) - - linux + - linux 5.3.7-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900 + NOTE: https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e CVE-2019-5107 RESERVED CVE-2019-5106 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6ea896374ebfc5a503207b7b3d988c0eacbe5702...b16d3844bd677a323eb68212eb528ef419da5e71 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6ea896374ebfc5a503207b7b3d988c0eacbe5702...b16d3844bd677a323eb68212eb528ef419da5e71 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla: still ongoing
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ea89637 by Adrian Bunk at 2020-01-12T22:09:50+02:00 dla: still ongoing - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -49,7 +49,7 @@ libexif (Hugo Lefeuvre) NOTE: 20200111: to get access to the reproducer. (hle) -- libjackson-json-java (Adrian Bunk) - NOTE: 20191230: work is ongoing + NOTE: 20200112: work is ongoing -- libmatio (Adrian Bunk) NOTE: fairly high number of open issues. Not sure why we never had a look at them. @@ -61,7 +61,7 @@ libmatio (Adrian Bunk) NOTE: 20190428: is likely vulnerable NOTE: 20190428: some CVE testcases still fail after applying the fix, NOTE: 20190428: older changes seem to also be required for them - NOTE: 20191223: work is ongoing + NOTE: 20200112: work is ongoing -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6ea896374ebfc5a503207b7b3d988c0eacbe5702 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6ea896374ebfc5a503207b7b3d988c0eacbe5702 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2065-1 for apache-log4j1.2
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 0520f458 by Markus Koschany at 2020-01-12T20:13:27+01:00 Reserve DLA-2065-1 for apache-log4j1.2 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[12 Jan 2020] DLA-2065-1 apache-log4j1.2 - security update + {CVE-2019-17571} + [jessie] - apache-log4j1.2 1.2.17-5+deb8u1 [10 Jan 2020] DLA-2064-1 ldm - security update {CVE-2019-20373} [jessie] - ldm 2:2.2.15-2+deb8u1 = data/dla-needed.txt = @@ -15,8 +15,6 @@ ansible NOTE: CVE-2019-14846 should be an easy fix. NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102) -- -apache-log4j1.2 (Markus Koschany) --- clamav (Hugo Lefeuvre) NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster. NOTE: 0.102.* introduces a fair amount of ABI changes, and the migration View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0520f45880eb382b739db3ffa7c2879f367b4f12 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0520f45880eb382b739db3ffa7c2879f367b4f12 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Fix typoed source package for mruby
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 44715e30 by Salvatore Bonaccorso at 2020-01-12T17:03:47+01:00 Fix typoed source package for mruby Fixes: 6b81486db411 (Add CVE-2020-68{38,39,40}/mruby, futher checks pending) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18,7 +18,7 @@ CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgem NOTE: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 TODO: check CVE-2020-6839 (In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_ ...) - - murby + - mruby NOTE: https://github.com/mruby/mruby/issues/4929 NOTE: https://github.com/mruby/mruby/commit/2124b9b4c95e66e63b1eb26a8dab49753b82fd6c TODO: check View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44715e306ddd91fd9586785ff31f2e1c2b80c471 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44715e306ddd91fd9586785ff31f2e1c2b80c471 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2019-16723/cacti: one more followup patch...
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: 5a517b60 by Hugo Lefeuvre at 2020-01-12T16:55:10+01:00 CVE-2019-16723/cacti: one more followup patch... - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23032,6 +23032,7 @@ CVE-2019-16723 (In Cacti through 1.2.6, authenticated users may bypass authoriza NOTE: which turned out to be insufficient to fix the issue, follow up patches: NOTE: https://github.com/Cacti/cacti/commit/9a1d2ec46d2dde23826c134ca70a0cd3bef43ee7 NOTE: https://github.com/Cacti/cacti/commit/d5f98679a06aa96adfe04f60908f9108cfc9f7f7 + NOTE: https://github.com/Cacti/cacti/commit/4cecb19f6be8b84fa1c7b6450b66176007cb53df NOTE: The original issue mentions only a bypass via graph_json.php but there are NOTE: additional permission checks missed while checking the issue fixed with the NOTE: upstream commits. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a517b60775a2d5c3fa1d3b15f24151ec411d32b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a517b60775a2d5c3fa1d3b15f24151ec411d32b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-10094/tika as no-dsa for buster
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3472ec9a by Salvatore Bonaccorso at 2020-01-12T16:46:19+01:00 Mark CVE-2019-10094/tika as no-dsa for buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -43479,6 +43479,7 @@ CVE-2019-10095 RESERVED CVE-2019-10094 (A carefully crafted package/compressed file that, when unzipped/uncomp ...) - tika 1.22-1 (bug #933746) + [buster] - tika (Minor issue) [jessie] - tika (Vulnerable feature introduced in 1.7) NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/4 NOTE: https://github.com/apache/tika/commit/c4e63c9be8665cccea8b680c59a6f5cfbc03e0fc View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3472ec9ad1316d30f7177ef1ca2acd4e464e2f9b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3472ec9ad1316d30f7177ef1ca2acd4e464e2f9b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2019-16723/cacti: add followup patches
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: 36092749 by Hugo Lefeuvre at 2020-01-12T16:45:05+01:00 CVE-2019-16723/cacti: add followup patches - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23029,6 +23029,9 @@ CVE-2019-16723 (In Cacti through 1.2.6, authenticated users may bypass authoriza NOTE: https://github.com/Cacti/cacti/commit/c7cf4a26e4848872b48094e67f8d0a01dd7613d2 NOTE: after further discussion, upstream issued a new fix which reverts previous commits NOTE: https://github.com/Cacti/cacti/commit/cfb0733597af97abc92270de4f47cbfa32f9ce8b + NOTE: which turned out to be insufficient to fix the issue, follow up patches: + NOTE: https://github.com/Cacti/cacti/commit/9a1d2ec46d2dde23826c134ca70a0cd3bef43ee7 + NOTE: https://github.com/Cacti/cacti/commit/d5f98679a06aa96adfe04f60908f9108cfc9f7f7 NOTE: The original issue mentions only a bypass via graph_json.php but there are NOTE: additional permission checks missed while checking the issue fixed with the NOTE: upstream commits. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/360927495dda095e9e008798031b453409ac908b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/360927495dda095e9e008798031b453409ac908b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-5504/phpmyadmin
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 24dad8c4 by Salvatore Bonaccorso at 2020-01-12T16:26:18+01:00 Add Debian bug reference for CVE-2020-5504/phpmyadmin - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2843,7 +2843,7 @@ CVE-2020-5505 RESERVED CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ...) {DLA-2060-1} - - phpmyadmin + - phpmyadmin (bug #948718) [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983 NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24dad8c4841cabdfea4cebbfebd36a0da7cd1633 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24dad8c4841cabdfea4cebbfebd36a0da7cd1633 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-5504/phpmyadmin as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ab1fa2b4 by Salvatore Bonaccorso at 2020-01-12T16:14:34+01:00 Mark CVE-2020-5504/phpmyadmin as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2844,6 +2844,7 @@ CVE-2020-5505 CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ...) {DLA-2060-1} - phpmyadmin + [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983 NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ab1fa2b479b65bc75e9979bdd2a43d3567df5611 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ab1fa2b479b65bc75e9979bdd2a43d3567df5611 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19959/sqlite3 as no-dsa for buster
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fdff101a by Salvatore Bonaccorso at 2020-01-12T10:21:57+01:00 Mark CVE-2019-19959/sqlite3 as no-dsa for buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6919,6 +6919,7 @@ CVE-2019-19960 (In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resi NOTE: https://github.com/wolfSSL/wolfssl/commit/5ee9f9c7a23f8ed093fe1e42bc540727e96cebb8 (v4.3.0-stable) CVE-2019-19959 (ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT ...) - sqlite3 3.30.1+fossil191229-1 + [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Vulnerable code introduced later) NOTE: https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fdff101a93f0df185540ea8a32b1fcbcdbe6f5b5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fdff101a93f0df185540ea8a32b1fcbcdbe6f5b5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19925 as no-dsa for buster
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f487f4ef by Salvatore Bonaccorso at 2020-01-12T10:19:04+01:00 Mark CVE-2019-19925 as no-dsa for buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7024,6 +7024,7 @@ CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain erro NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...) - sqlite3 3.30.1+fossil191229-1 + [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Vulnerable code introduced later) NOTE: https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f487f4ef0a0087fa88c3d554fe85312bb7f056e9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f487f4ef0a0087fa88c3d554fe85312bb7f056e9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19924/sqlite3 as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 63cb96b2 by Salvatore Bonaccorso at 2020-01-12T10:04:47+01:00 Mark CVE-2019-19924/sqlite3 as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7029,6 +7029,7 @@ CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles NOTE: https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618 CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related to exp ...) - sqlite3 3.30.1+fossil191229-1 + [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Vulnerable code introduced later) NOTE: https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/63cb96b2c0b86ab04ae9459587ba7002145b45db -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/63cb96b2c0b86ab04ae9459587ba7002145b45db You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-19923/sqlite3 as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7160c139 by Salvatore Bonaccorso at 2020-01-12T09:11:34+01:00 Mark CVE-2019-19923/sqlite3 as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7034,6 +7034,7 @@ CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related NOTE: https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3 CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...) - sqlite3 3.30.1+fossil191229-1 + [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Vulnerable code introduced later) NOTE: https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7160c13940cb021858a3ec0392d6b8912870642c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7160c13940cb021858a3ec0392d6b8912870642c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits