[Git][security-tracker-team/security-tracker][master] Track fixed version for sqlite3 issues via unstable upload

Salvatore Bonaccorso carnil at debian.org
Sun Dec 29 22:03:28 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da349a18 by Salvatore Bonaccorso at 2019-12-29T22:02:38Z
Track fixed version for sqlite3 issues via unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -325,17 +325,17 @@ CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain erro
 	- sqlite3 <not-affected> (Incomplete fix for CVE-2019-19880 not applied)
 	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
 CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...)
-	- sqlite3 <unfixed>
+	- sqlite3 3.30.1+fossil191229-1
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618
 CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related to exp ...)
-	- sqlite3 <unfixed>
+	- sqlite3 3.30.1+fossil191229-1
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3
 CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...)
-	- sqlite3 <unfixed>
+	- sqlite3 3.30.1+fossil191229-1
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35
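Review bot: CVE-2019-19926 in the context lines at the top of this hunk stays <not-affected> with the reason "Incomplete fix for CVE-2019-19880 not applied", while this same commit records CVE-2019-19880 as fixed in 3.30.1+fossil191229-1. If that upload carries the CVE-2019-19880 fix, the stated reason no longer describes unstable. Please check whether the follow-up commit 8428b3b437569338a9d1e10c4cd8154acbe33089 is also in the upload, then either give CVE-2019-19926 a fixed version or reword its not-affected reason.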
@@ -676,7 +676,7 @@ CVE-2019-19882 (shadow 4.8, in certain circumstances affecting at least Gentoo,
 CVE-2019-19881
 	RESERVED
 CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers to tr ...)
-	- sqlite3 <unfixed>
+	- sqlite3 3.30.1+fossil191229-1
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
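Review bot: The new CVE-2019-19880 line does not show that the commit in its NOTE is part of the upload. The description names SQLite 3.30.1 as affected, and the fixed version is 3.30.1 with a +fossil191229 suffix, so a reader cannot tell from the version alone that 75e95e1fcd52d3ec8282edb75ac8cd0814095d54 is included. A short NOTE saying the upload contains that commit would make the entry verifiable without opening the package changelog.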
@@ -3948,7 +3948,7 @@ CVE-2019-19646 (pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an inte
 	NOTE: https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3
 	NOTE: https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
 CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger infinite  ...)
-	- sqlite3 <unfixed> (bug #946612)
+	- sqlite3 3.30.1+fossil191229-1 (bug #946612)
 	NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
 CVE-2019-19644
 	RESERVED
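Review bot: The CVE-2019-19645 line keeps "(bug #946612)" next to the new fixed version 3.30.1+fossil191229-1. Please confirm that this upload is the one that closes the bug, so the bug report and this entry point at the same version.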
@@ -4077,7 +4077,7 @@ CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2.
 	NOTE: https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
 CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent  ...)
-	- sqlite3 <unfixed>
+	- sqlite3 3.30.1+fossil191229-1
 	NOTE: https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
 CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of ...)
 	- texlive-bin <undetermined>
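Review bot: CVE-2019-19603 gets a fixed version but the entry has no [stretch] or [jessie] line, unlike the sqlite3 entries in the first two hunks of this commit. If the older suites have been checked, add their status here; if not, a NOTE saying they are still to be checked would make that explicit.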
@@ -6602,14 +6602,14 @@ CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products
 CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication S ...)
 	NOT-FOR-US: NAPC Xinet Elegant 6 Asset Library
 CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...)
-	- sqlite3 <unfixed> (bug #946656)
+	- sqlite3 3.30.1+fossil191229-1 (bug #946656)
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	[jessie] - sqlite3 <not-affected> (Vulnerable code, i.e. window functions, not present)
 	NOTE: https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348
 CVE-2019-19243
 	RESERVED
 CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_C ...)
-	- sqlite3 <unfixed>
+	- sqlite3 3.30.1+fossil191229-1
 	[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
 CVE-2019-19241 (In the Linux kernel before 5.4.2, the io_uring feature leads to reques ...)
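Review bot: CVE-2019-19242 has a [jessie] <not-affected> line but none for [stretch], whereas CVE-2019-19244 in the same hunk covers both suites. Now that a fixed version is recorded, it is worth stating explicitly whether stretch is affected or also lacks the vulnerable code.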



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da349a18552cb8375c4dd56250d9cc2f5a922249
