[Git][security-tracker-team/security-tracker][master] 2 commits: sqlite3: Remove no-dsa tags for Jessie
Markus Koschany
apo at debian.org
Fri Jan 11 15:12:02 GMT 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81805895 by Markus Koschany at 2019-01-11T15:11:45Z
sqlite3: Remove no-dsa tags for Jessie
- - - - -
ed9a47db by Markus Koschany at 2019-01-11T15:11:45Z
Reserve DLA-1633-1 for sqlite3
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -43784,7 +43784,6 @@ CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an ...)
CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a ...)
- sqlite3 3.22.0-2 (bug #893195)
[stretch] - sqlite3 <no-dsa> (Minor issue)
- [jessie] - sqlite3 <no-dsa> (Minor issue)
[wheezy] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
NOTE: https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
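Review bot: For CVE-2018-8740 the `[stretch] - sqlite3 <no-dsa> (Minor issue)` line stays while the jessie tag is dropped, so once DLA-1633-1 supplies the jessie fix, the older release is fixed and stretch is still open for the same CVE. The dla-needed.txt note removed in this push gives "already fixed in Stretch and later versions" as the reason for picking up the no-dsa issues, which does not hold for this entry. Suggest adding a NOTE here or raising it for stretch so that the gap on a jessie to stretch upgrade is tracked.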
@@ -88289,7 +88288,6 @@ CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite through
{DLA-1018-1}
- sqlite3 3.19.3-3 (bug #867618)
[stretch] - sqlite3 3.16.2-5+deb9u1
- [jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
NOTE: https://sqlite.org/src/info/66de6f4a
NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
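Review bot: The `{DLA-1018-1}` cross-reference at the top of the CVE-2017-10989 entry is left unchanged, while data/DLA/list now lists this CVE under DLA-1633-1 as well. If that brace line is not regenerated automatically from data/DLA/list, it should name DLA-1633-1 in the same push; otherwise dropping the jessie `<no-dsa>` line leaves nothing in this entry pointing at the jessie fix.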
@@ -114513,21 +114511,18 @@ CVE-2017-2521 (An issue was discovered in certain Apple products. iOS before 10.
NOTE: Not covered by security support
CVE-2017-2520 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
- sqlite3 3.16.2-1
- [jessie] - sqlite3 <no-dsa> (Minor issue)
[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=384
NOTE: https://clusterfuzz-external.appspot.com/testcase?key=5694101458518016
NOTE: Fixed by: https://www.sqlite.org/src/info/2dc7eeb5b4d2eaf1
CVE-2017-2519 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
- sqlite3 3.16.0-1
- [jessie] - sqlite3 <no-dsa> (Minor issue)
[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=288
NOTE: https://clusterfuzz-external.appspot.com/testcase?key=6739028850245632
NOTE: Fixed by: https://www.sqlite.org/src/info/d08b72c38ff6fae6
CVE-2017-2518 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
- sqlite3 3.15.2-1
- [jessie] - sqlite3 <no-dsa> (Minor issue)
[wheezy] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=199
NOTE: https://clusterfuzz-external.appspot.com/testcase?key=4603622180519936
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Jan 2019] DLA-1633-1 sqlite3 - security update
+ {CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2017-10989 CVE-2018-8740}
+ [jessie] - sqlite3 3.8.7.1-1+deb8u4
[10 Jan 2019] DLA-1632-1 libsndfile - security update
{CVE-2018-19758}
[jessie] - libsndfile 1.0.25-9.1+deb8u3
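Review bot: This DLA-1633-1 entry is what justifies the five jessie `<no-dsa>` removals in data/CVE/list, but the push splits the work into two commits (81805895 and ed9a47db). If the entry lands only in the second commit, then at 81805895 alone the five CVE entries carry neither a jessie tag nor a jessie fixed version. Suggest folding the tag removal and the reservation into one commit, or at least referencing DLA-1633-1 in the first commit message, so that each commit leaves the data consistent. The five CVE ids in braces do match the five removed lines.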
=====================================
data/dla-needed.txt
=====================================
@@ -101,13 +101,6 @@ qemu (Hugo Lefeuvre)
NOTE: CVE-2018-19665: no practical exploit at the moment + patch quite big (but easy to review, though)
NOTE: CVE-2018-19665: this is a good candidate for no-dsa
--
-sqlite3 (Markus Koschany)
- NOTE: Consider to fix no-dsa issues too because they are already fixed in
- NOTE: Stretch and later versions and sqlite3 is a widely used package.
- NOTE: 20181221: Magellan CVE fixed, no-dsa issues untouched due to lack of time
- NOTE: 20181221: re-added sqlite3, so that no-dsa issues stay on our radar
- NOTE: 20181221: low-prio, pick it if all other packages are taken...
---
sssd (Mike Gabriel)
NOTE: 20181220: Specific fixes for older branches will be provided in January 2019. (apo)
--
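Review bot: The removed NOTE lines under `sqlite3 (Markus Koschany)` are the only place that records why the jessie no-dsa issues were fixed after all (widely used package, fixes already present in later releases), and neither commit message carries that over. Suggest putting one sentence of that rationale into the commit message so that the reason for reversing the earlier "Minor issue" triage survives in the history once this entry is gone.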
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0d25901ffb6e1a88b4c86fd779c84bf165eb52ce...ed9a47dbb3a7dd4c69353533554e9cabb5bcd846
More information about the debian-security-tracker-commits
mailing list