[Git][security-tracker-team/security-tracker][master] Add CVE-2020-11655/sqlite

Salvatore Bonaccorso carnil at debian.org
Mon Apr 13 10:39:52 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2de2ae71 by Salvatore Bonaccorso at 2020-04-13T11:37:13+02:00
Add CVE-2020-11655/sqlite

For stretch I have opted to be on the safe side and marked it as no-dsa. The
issue might have only been introduced when introducing the window
function, but this is not completely clear if it is just uncovered since
then. The affected and patched functions are present before but the
issue might have been introduced after that. Still do not want to mark
something as not-affected wrongly and play safe here.

Before upstream https://www3.sqlite.org/cgi/src/info/712e47714863a8ed the
issue triggers an assert instead of a segfault but it is "just covered"
by the first reached assert.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -166,7 +166,12 @@ CVE-2020-11657
 CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...)
 	TODO: check
 CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...)
-	TODO: check
+	- sqlite3 <unfixed>
+	[buster] - sqlite3 <no-dsa> (Minor issue)
+	[stretch] - sqlite3 <no-dsa> (Minor issue)
+	NOTE: https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c
+	NOTE: Issue covered before: https://www3.sqlite.org/cgi/src/info/712e47714863a8ed
+	NOTE: Fixed by: https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11
 CVE-2020-11654
 	RESERVED
 CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...)
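Review bot: The added [stretch] line records <no-dsa> (Minor issue) but drops the caveat from the commit message that it is unclear whether stretch is affected at all. A further NOTE under CVE-2020-11655 stating that the affected functions are present in stretch but the issue may only have been introduced with the window function support would keep that reasoning in data/CVE/list for whoever revisits the entry. The line "NOTE: Issue covered before:" is also hard to interpret on its own; wording along the lines of "before this commit an assert is triggered instead of the segfault" would match what the commit message says.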



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2de2ae719afd69f568ba6be9b792fe5eba08a9f3
