Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 75f51891 by Moritz Muehlenhoff at 2020-10-01T23:18:17+02:00 one sqlite3 issue n/a for buster add more git mirror commit refs for sqlite3 in addition to the crude fossil links - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -33946,6 +33946,9 @@ CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of serv NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11 + NOTE: https://github.com/sqlite/sqlite/commit/3251a2031bfd29f338a5fda1a08c18878296d354 + NOTE: https://github.com/sqlite/sqlite/commit/c415d91007e1680e4eb17def583b202c3c83c718 + NOTE: https://github.com/sqlite/sqlite/commit/4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae CVE-2020-11654 RESERVED CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...) @@ -39232,9 +39235,8 @@ CVE-2020-9796 CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - - sqlite3 <undetermined> - NOTE: https://vuldb.com/?id.155768 - NOTE: As usual Apple advisories are too unspecific + NOT-FOR-US: sqlite3 as used by Apple + NOTE: No details available due to typical Apple intransparency CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...) @@ -40418,6 +40420,8 @@ CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to tri NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380 NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900 + NOTE: https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d + NOTE: https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21 CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...) NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...) @@ -61303,7 +61307,7 @@ CVE-2019-19243 RESERVED CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_C ...) - sqlite3 3.30.1+fossil191229-1 - [buster] - sqlite3 <no-dsa> (Minor issue) + [buster] - sqlite3 <not-affected> (Vulnerable code not present) [stretch] - sqlite3 <not-affected> (Vulnerable code introduced later) [jessie] - sqlite3 <not-affected> (Vulnerable code not present) NOTE: https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c @@ -73073,6 +73077,7 @@ CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c ca NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62 NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6 NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0 + NOTE: https://github.com/sqlite/sqlite/commit/725dd72400872da94dcfb6af48128905b93d57fe CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...) NOT-FOR-US: Sakai CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal article titl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75f51891dccb4590375a8b964baacb863788c204 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75f51891dccb4590375a8b964baacb863788c204 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits