[Git][security-tracker-team/security-tracker][master] Add notes regarding CVE-2019-5827/sqlite3 to dla-needed.txt

Jonas Meurer gitlab at salsa.debian.org
Mon Jun 17 15:02:06 BST 2019 


Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1264caea by Jonas Meurer at 2019-06-17T14:01:51Z
Add notes regarding CVE-2019-5827/sqlite3 to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -126,11 +126,17 @@ ruby-omniauth
 sdl-image1.2
   NOTE: see libsdl2 entry.
 --
-sqlite3 (Jonas Meurer)
-  NOTE: CVE-2019-8457: The fix depends on a large former code migration. Backporting didn't succeed
-  NOTE: CVE-2019-8457: without huge amounts of code duplication. I sent a summary of my findings to
-  NOTE: CVE-2019-8457: https://lists.debian.org/debian-lts/2019/06/msg00013.html
-  NOTE: CVE-2019-5827: Patches look much more straight-forward, will work on them nevertheless.
+sqlite3
+  NOTE: CVE-2019-8457: The fix depends on a large former code migration. Backporting would imply
+  NOTE: CVE-2019-8457: huge amounts of code duplication. See summary mail to debian-lts:
+  NOTE: CVE-2019-8457: https://lists.debian.org/debian-lts/2019/06/msg00013.html (mejo, 2019-06-13)
+  NOTE: CVE-2019-5827: No public information about the actual vulnerability available yet. The
+  NOTE: CVE-2019-5827: patches from sqlite3 3.27.2-3 suggest that it's related to switching to
+  NOTE: CVE-2019-5827: 64-bit memory allocators. There's been quite some changes related to this
+  NOTE: CVE-2019-5827: migration between the Jessie version and 3.27.2-3 (from unstable). We might
+  NOTE: CVE-2019-5827: have to look into them as well. (mejo, 2019-06-17)
+  NOTE: 20190617: A preliminary package with *just* the (presumably) CVE-2019-5827 patches backported:
+  NOTE: 20190617: https://people.debian.org/~mejo/debian/jessie-security/sqlite3_3.8.7.1-1+deb8u5.dsc
 --
 tomcat8 (Abhijith PA)
   NOTE: 20190522: FTBFS



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1264caea292378531bf7447251efcf1be93d5a0d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1264caea292378531bf7447251efcf1be93d5a0d
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190617/10301100/attachment.html>

More information about the debian-security-tracker-commits mailing list