[Git][security-tracker-team/security-tracker][master] Add information on CVE-2019-19926/sqlite3

Mon Dec 23 13:14:25 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ebeda4f7 by Salvatore Bonaccorso at 2019-12-23T13:13:40Z
Add information on CVE-2019-19926/sqlite3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,7 +33,8 @@ CVE-2019-19928
 CVE-2019-19927
 	RESERVED
 CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...)
-	TODO: check
+	- sqlite3 <not-affected> (Incomplete fix for CVE-2019-19880 not applied)
+	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
 CVE-2019-19925
 	RESERVED
 CVE-2019-19924
@@ -376,6 +377,9 @@ CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
+	NOTE: When fixing this issue make sure to apply as well
+	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
+	NOTE: to not open CVE-2019-19926.
 CVE-2019-19879
 	RESERVED
 CVE-2019-19878



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ebeda4f7d8c9a7b47cd50fed84abdd40b7e2f055

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ebeda4f7d8c9a7b47cd50fed84abdd40b7e2f055
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191223/44ef27db/attachment.html>
