[Git][security-tracker-team/security-tracker][master] Magellan issue for sqlite: Add more information
Markus Koschany
apo at debian.org
Wed Dec 19 21:37:28 GMT 2018
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a3f4b7cb by Markus Koschany at 2018-12-19T21:37:14Z
Magellan issue for sqlite: Add more information
Link to Fedora and Red Hat bugs manually as long as no official CVE has been
assigned.
Link to Fedora patch and related upstream commit which was done before 3.25.3
was released. In 3.26.0 a new option was introduced, SQLITE_DBCONFIG_DEFENSIVE,
that also can prevent attackers from exploiting the issue. However it seems to
be more intrusive than the other fix.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -314,6 +314,10 @@ CVE-2018-XXXX ["Magellan" remote code execution vulnerability]
- chromium 71.0.3578.80-1
[stretch] - chromium-browser 71.0.3578.80-1~deb9u1
NOTE: https://blade.tencent.com/magellan/index_en.html
+ NOTE: RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1659379
+ NOTE: Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1659677
+ NOTE: Fedora patch: https://src.fedoraproject.org/rpms/sqlite/c/d8da047b90b7eff583c50bf7fa7dc3bc37414249?branch=f28
+ NOTE: Upstream change: https://www.sqlite.org/src/info/940f2adc8541a838
TODO: check, sqlite3 possibly fixed already in 3.25.3-1 (and not only in 3.26.0-1) as per chromium change
CVE-2018-20172 (An issue was discovered in Nagios XI before 5.5.8. The rss_url ...)
NOT-FOR-US: Nagios XI
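Review bot: The new "Upstream change" NOTE, which sits directly above the TODO asking whether sqlite3 is already fixed in 3.25.3-1, does not record that the linked commit predates the 3.25.3 release, although the commit message says exactly that. Suggest carrying it into the data, for example "NOTE: Upstream change (before 3.25.3): https://www.sqlite.org/src/info/940f2adc8541a838", so the TODO can be checked from the file itself. The SQLITE_DBCONFIG_DEFENSIVE option from 3.26.0 described in the commit message is also missing from the added NOTEs; a one-line NOTE would keep that mitigation visible to readers of data/CVE/list. Minor: "RedHat" in the first added NOTE is spelled "Red Hat" in the commit message.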
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a3f4b7cb9242ffe12bd73b1d8abe1d6c1686fbf9