[Git][security-tracker-team/security-tracker][master] dla: triage sqlite as no-dsa
Emilio Pozuelo Monfort
pochu at debian.org
Tue Aug 13 10:29:51 BST 2019
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99b1a3ce by Emilio Pozuelo Monfort at 2019-08-13T09:29:18Z
dla: triage sqlite as no-dsa
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -19329,6 +19329,7 @@ CVE-2019-8458 (Check Point Endpoint Security Client for Windows, with Anti-Malwa
CVE-2019-8457 (SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-o ...)
- sqlite3 3.27.2-3 (bug #929775)
[stretch] - sqlite3 <no-dsa> (Minor issue; can be fixed via point release)
+ [jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: Fixed by: https://www.sqlite.org/src/info/90acdbfce9c08858
NOTE: Make the internal dynamic string interface available to extensions:
NOTE: https://sqlite.org/src/info/87f261f0cb800b06
@@ -25864,6 +25865,7 @@ CVE-2019-5827 (Integer overflow in SQLite via WebSQL in Google Chrome prior to 7
- chromium 75.0.3770.80-1
- sqlite3 3.27.2-3
[stretch] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in chromium)
+ [jessie] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in chromium)
NOTE: https://www.sqlite.org/src/info/07ee06fd390bfebe
NOTE: https://www.sqlite.org/src/info/0b6ae032c28e7fe3
CVE-2019-5826
=====================================
data/dla-needed.txt
=====================================
@@ -115,17 +115,6 @@ slurm-llnl
sox
NOTE: 20190721: no patch available (hle)
--
-sqlite3
- NOTE: CVE-2019-8457: Should be ignored, based on the discussion on debian-lts:
- NOTE: CVE-2019-8457: https://lists.debian.org/debian-lts/2019/06/msg00013.html (mejo, 2019-06-13)
- NOTE: CVE-2019-5827: No public information about the actual vulnerability available yet. The
- NOTE: CVE-2019-5827: patches from sqlite3 3.27.2-3 suggest that it's related to switching to
- NOTE: CVE-2019-5827: 64-bit memory allocators. There's been quite some changes related to this
- NOTE: CVE-2019-5827: migration between the Jessie version and 3.27.2-3 (from unstable). We might
- NOTE: CVE-2019-5827: have to look into them as well. (mejo, 2019-06-17)
- NOTE: 20190617: A preliminary package with *just* the (presumably) CVE-2019-5827 patches backported:
- NOTE: 20190617: https://people.debian.org/~mejo/debian/jessie-security/sqlite3_3.8.7.1-1+deb8u5.dsc
---
subversion
NOTE: 20190804: For (at least) CVE-2018-11782 the svn_err_trace that is in the diff has not been added yet. (lamby)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/99b1a3cec773eebdfa1a7bda484db7091a482cf7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/99b1a3cec773eebdfa1a7bda484db7091a482cf7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190813/2b697353/attachment.html>
More information about the debian-security-tracker-commits
mailing list