[Git][security-tracker-team/security-tracker][master] 2 commits: sqlite3: Remove no-dsa tags for Jessie

Markus Koschany apo at debian.org
Fri Jan 11 15:12:02 GMT 2019 

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81805895 by Markus Koschany at 2019-01-11T15:11:45Z
sqlite3: Remove no-dsa tags for Jessie

- - - - -
ed9a47db by Markus Koschany at 2019-01-11T15:11:45Z
Reserve DLA-1633-1 for sqlite3

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -43784,7 +43784,6 @@ CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an ...)
 CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a ...)
 	- sqlite3 3.22.0-2 (bug #893195)
 	[stretch] - sqlite3 <no-dsa> (Minor issue)
-	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	[wheezy] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
 	NOTE: https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
@@ -88289,7 +88288,6 @@ CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite through
 	{DLA-1018-1}
 	- sqlite3 3.19.3-3 (bug #867618)
 	[stretch] - sqlite3 3.16.2-5+deb9u1
-	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
 	NOTE: https://sqlite.org/src/info/66de6f4a
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
@@ -114513,21 +114511,18 @@ CVE-2017-2521 (An issue was discovered in certain Apple products. iOS before 10.
 	NOTE: Not covered by security support
 CVE-2017-2520 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
 	- sqlite3 3.16.2-1
-	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=384
 	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=5694101458518016
 	NOTE: Fixed by: https://www.sqlite.org/src/info/2dc7eeb5b4d2eaf1
 CVE-2017-2519 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
 	- sqlite3 3.16.0-1
-	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=288
 	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=6739028850245632
 	NOTE: Fixed by: https://www.sqlite.org/src/info/d08b72c38ff6fae6
 CVE-2017-2518 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
 	- sqlite3 3.15.2-1
-	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	[wheezy] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=199
 	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=4603622180519936


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Jan 2019] DLA-1633-1 sqlite3 - security update
+	{CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2017-10989 CVE-2018-8740}
+	[jessie] - sqlite3 3.8.7.1-1+deb8u4
 [10 Jan 2019] DLA-1632-1 libsndfile - security update
 	{CVE-2018-19758}
 	[jessie] - libsndfile 1.0.25-9.1+deb8u3


=====================================
data/dla-needed.txt
=====================================
@@ -101,13 +101,6 @@ qemu (Hugo Lefeuvre)
   NOTE: CVE-2018-19665: no practical exploit at the moment + patch quite big (but easy to review, though)
   NOTE: CVE-2018-19665: this is a good candidate for no-dsa
 --
-sqlite3 (Markus Koschany)
-  NOTE: Consider to fix no-dsa issues too because they are already fixed in
-  NOTE: Stretch and later versions and sqlite3 is a widely used package.
-  NOTE: 20181221: Magellan CVE fixed, no-dsa issues untouched due to lack of time
-  NOTE: 20181221: re-added sqlite3, so that no-dsa issues stay on our radar
-  NOTE: 20181221: low-prio, pick it if all other packages are taken...
---
 sssd (Mike Gabriel)
   NOTE: 20181220: Specific fixes for older branches will be provided in January 2019. (apo)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0d25901ffb6e1a88b4c86fd779c84bf165eb52ce...ed9a47dbb3a7dd4c69353533554e9cabb5bcd846

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0d25901ffb6e1a88b4c86fd779c84bf165eb52ce...ed9a47dbb3a7dd4c69353533554e9cabb5bcd846
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190111/6a0273e1/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list