[Git][security-tracker-team/security-tracker][master] LTS: update issues which are to be fixed in stretch

Sat Aug 22 23:30:24 BST 2020


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1796ddef by Roberto C. Sánchez at 2020-08-22T18:30:05-04:00
LTS: update issues which are to be fixed in stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23962,7 +23962,6 @@ CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vap
 	{DLA-2221-1}
 	- sqlite3 3.32.1-1
 	[buster] - sqlite3 <no-dsa> (Minor issue)
-	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://www.sqlite.org/src/info/23439ea582241138
 	NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
 CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
@@ -29365,7 +29364,6 @@ CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of serv
 	{DLA-2203-1}
 	- sqlite3 3.31.1-5
 	[buster] - sqlite3 <no-dsa> (Minor issue)
-	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c
 	NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed
 	NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
@@ -46274,7 +46272,6 @@ CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueC
 CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...)
 	- sqlite3 3.30.1+fossil191229-1
 	[buster] - sqlite3 <no-dsa> (Minor issue)
-	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
 CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers  ...)
@@ -68344,7 +68341,6 @@ CVE-2019-16149
 CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...)
 	- sqlite3 3.29.0-2
 	[buster] - sqlite3 <no-dsa> (Minor issue)
-	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html
 	NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
@@ -88059,12 +88055,10 @@ CVE-2019-9938 (The SHAREit application before 4.0.42 for Android allows a remote
 	NOT-FOR-US: SHAREit
 CVE-2019-9937 (In SQLite 3.27.2, interleaving reads and writes in a single transactio ...)
 	- sqlite3 3.27.2-2 (low; bug #925290)
-	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	[jessie] - sqlite3 <not-affected> (fts5 introducded later, function not available for fts3)
 	NOTE: https://sqlite.org/src/info/45c73deb440496e8
 CVE-2019-9936 (In SQLite 3.27.2, running fts5 prefix queries inside a transaction cou ...)
 	- sqlite3 3.27.2-2 (low; bug #925289)
-	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	[jessie] - sqlite3 <not-affected> (fts5 introducded later, function not available for fts3)
 	NOTE: https://sqlite.org/src/info/b3fa58dd7403dbd4
 CVE-2019-9935 (Various Lexmark products have Incorrect Access Control (issue 2 of 2). ...)
@@ -99895,7 +99889,6 @@ CVE-2019-5827 (Integer overflow in SQLite via WebSQL in Google Chrome prior to 7
 	- chromium 75.0.3770.80-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 	- sqlite3 3.27.2-3
-	[stretch] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in chromium)
 	[jessie] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in chromium)
 	NOTE: https://www.sqlite.org/src/info/07ee06fd390bfebe
 	NOTE: https://www.sqlite.org/src/info/0b6ae032c28e7fe3
@@ -106133,7 +106126,6 @@ CVE-2018-20507 (An issue was discovered in GitLab Enterprise Edition 11.2.x thro
 CVE-2018-20506 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...)
 	{DLA-1613-1}
 	- sqlite3 3.25.3-1
-	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://sqlite.org/src/info/940f2adc8541a838
 CVE-2018-20505 (SQLite 3.25.2, when queries are run on a table with a malformed PRIMAR ...)
 	- sqlite3 3.25.3-1
@@ -107287,7 +107279,6 @@ CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL inject
 CVE-2018-20346 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...)
 	{DSA-4352-1 DLA-1613-1}
 	- sqlite3 3.25.3-1
-	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	- chromium 71.0.3578.80-1
 	NOTE: https://blade.tencent.com/magellan/index_en.html
 	NOTE: RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1659379
@@ -145240,7 +145231,6 @@ CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an authe
 CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a  ...)
 	{DLA-1633-1}
 	- sqlite3 3.22.0-2 (bug #893195)
-	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	[wheezy] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
 	NOTE: https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1796ddef17558c752bc2847436b30ee18495a15c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1796ddef17558c752bc2847436b30ee18495a15c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200822/c3b358b2/attachment-0001.html>
