[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2019-19923/sqlite3

Salvatore Bonaccorso carnil at debian.org
Tue Dec 24 22:16:53 GMT 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d459f0ce by Salvatore Bonaccorso at 2019-12-24T22:06:32Z
Add CVE-2019-19923/sqlite3

The issue has been introduced after 3.19 and 3.20 when introducing the
support to optimize VIEWs that occur as the right operand of a LEFT
JOIN. The exact introducing commit has not been pin-pointed but is after
3.19 and the vulnerable code is not present in 3.16 based version.

- - - - -
562f3af5 by Salvatore Bonaccorso at 2019-12-24T22:14:31Z
Add CVE-2019-19924/sqlite3

- - - - -
1531b418 by Salvatore Bonaccorso at 2019-12-24T22:16:23Z
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -93,9 +93,13 @@ CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618
 CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related to exp ...)
-	TODO: check
+	- sqlite3 <unfixed>
+	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
+	NOTE: https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3
 CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...)
-	TODO: check
+	- sqlite3 <unfixed>
+	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
+	NOTE: https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35
 CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quo ...)
 	- linux 5.3.9-1
 	NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/be39f46004f6c69d8afe5f93ec47443323575f60...1531b4187e44922c0191362ab94696b77428a2a0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/be39f46004f6c69d8afe5f93ec47443323575f60...1531b4187e44922c0191362ab94696b77428a2a0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191224/8e9aa82c/attachment.html>

More information about the debian-security-tracker-commits mailing list