<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2de2ae719afd69f568ba6be9b792fe5eba08a9f3">2de2ae71</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2020-04-13T11:37:13+02:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add CVE-2020-11655/sqlite

For stretch I have opted to be on safe side and marked it as no-dsa. The

issue might have only been introduced when introducing the window

function, but this is not completely clear if it is just uncovered since

then. The affected and patched funkctions are presenet before but the

issue might have been introduced after that. Still do not want to mark

something as not-affected wrongly and play safe here.

Before upsteam https://www3.sqlite.org/cgi/src/info/712e47714863a8ed the

issue triggers an assert instead of a segfault but it is "just covered"

by the first reached assert.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2de2ae719afd69f568ba6be9b792fe5eba08a9f3#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2de2ae719afd69f568ba6be9b792fe5eba08a9f3">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2de2ae719afd69f568ba6be9b792fe5eba08a9f3"}}</script>

</p>

</div>

</body>

</html>