[Git][security-tracker-team/security-tracker][master] Add 3.25.3-1 as fixed version for sqlite3 issue
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 20 06:13:42 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3229bef3 by Salvatore Bonaccorso at 2018-12-20T06:11:39Z
Add 3.25.3-1 as fixed version for sqlite3 issue
Issue is addressed upstream in 3.25.3, 3.26.0 added further defences.
The issue was definitively relevant for chromium as chromium exposed
sqlite via WebSQL but fixed via the 71.0.3578.80 upstream version and
71.0.3578.80-1 in unstable (resp. 71.0.3578.80-1~deb9u1 in stretch).
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -311,7 +311,7 @@ CVE-2018-20174
CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via ...)
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-XXXX ["Magellan" remote code execution vulnerability]
- - sqlite3 <unfixed>
+ - sqlite3 3.25.3-1
- chromium 71.0.3578.80-1
[stretch] - chromium-browser 71.0.3578.80-1~deb9u1
NOTE: https://blade.tencent.com/magellan/index_en.html
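Review bot: The added `- sqlite3 3.25.3-1` line sets a fixed version for unstable only, and the visible part of the entry has no suite-specific sqlite3 line comparable to `[stretch] - chromium-browser 71.0.3578.80-1~deb9u1`. If the sqlite3 status in stretch has already been triaged, record it with its own `[stretch] - sqlite3 ...` line in the same change so the stable status is not left implicit.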
@@ -319,7 +319,6 @@ CVE-2018-XXXX ["Magellan" remote code execution vulnerability]
NOTE: Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1659677
NOTE: Fedora patch: https://src.fedoraproject.org/rpms/sqlite/c/d8da047b90b7eff583c50bf7fa7dc3bc37414249?branch=f28
NOTE: Upstream change: https://www.sqlite.org/src/info/940f2adc8541a838
- TODO: check, sqlite3 possibly fixed already in 3.25.3-1 (and not only in 3.26.0-1) as per chromium change
CVE-2018-20172 (An issue was discovered in Nagios XI before 5.5.8. The rss_url ...)
NOT-FOR-US: Nagios XI
CVE-2018-20171 (An issue was discovered in Nagios XI before 5.5.8. The url parameter of ...)
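Review bot: Removing the TODO line drops the only text in this entry that explained why 3.25.3-1 might already carry the fix ("as per chromium change"). The remaining NOTE lines link the Fedora bug, the Fedora patch and one upstream change, but none of them says which upstream release contains the fix. Consider replacing the TODO with a NOTE naming the upstream release that addresses the issue, so the sqlite3 fixed version can be checked from the file itself rather than from the commit message.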
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3229bef314b137b66625a44bb20675ee1a53aedb