[Git][security-tracker-team/security-tracker][master] Magellan issue for sqlite: Add more information

Markus Koschany apo at debian.org
Wed Dec 19 21:37:28 GMT 2018


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3f4b7cb by Markus Koschany at 2018-12-19T21:37:14Z
Magellan issue for sqlite: Add more information

Link to Fedora and Red Hat bugs manually as long as no official CVE has been
assigned.

Link to Fedora patch and related upstream commit which was done before 3.25.3
was released. In 3.26.0 a new option was introduced, SQLITE_DBCONFIG_DEFENSIVE,
that also can prevent attackers from exploiting the issue. However it seems to
be more intrusive than the other fix.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -314,6 +314,10 @@ CVE-2018-XXXX ["Magellan" remote code execution vulnerability]
 	- chromium 71.0.3578.80-1
 	[stretch] - chromium-browser 71.0.3578.80-1~deb9u1
 	NOTE: https://blade.tencent.com/magellan/index_en.html
+	NOTE: RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1659379
+	NOTE: Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1659677
+	NOTE: Fedora patch: https://src.fedoraproject.org/rpms/sqlite/c/d8da047b90b7eff583c50bf7fa7dc3bc37414249?branch=f28
+	NOTE: Upstream change: https://www.sqlite.org/src/info/940f2adc8541a838
 	TODO: check, sqlite3 possibly fixed already in 3.25.3-1 (and not only in 3.26.0-1) as per chromium change
 CVE-2018-20172 (An issue was discovered in Nagios XI before 5.5.8. The rss_url ...)
 	NOT-FOR-US: Nagios XI
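Review bot: The TODO context line directly after the new NOTEs still says sqlite3 is "possibly fixed already in 3.25.3-1", while the commit message states the linked upstream change was done before 3.25.3 was released. If the added "Upstream change" link settles the question, reword the TODO or resolve it in the same commit; otherwise add a NOTE saying what still has to be checked. The commit message's point about SQLITE_DBCONFIG_DEFENSIVE in 3.26.0 is not recorded in data/CVE/list; a NOTE line for it would keep that information with the entry. Minor: "RedHat" in the first added NOTE is written "Red Hat" in the commit message.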



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a3f4b7cb9242ffe12bd73b1d8abe1d6c1686fbf9
