[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Aug 23 09:10:29 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
967defee by security tracker role at 2020-08-23T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22834,6 +22834,7 @@ CVE-2020-13873
 CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for at ...)
 	NOT-FOR-US: Royal TS
 CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...)
+	{DLA-2340-1}
 	- sqlite3 3.32.2-2
 	[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
 	NOTE: New fix: https://www.sqlite.org/src/info/44a58d6cb135a104
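Review bot: In the CVE-2020-13871 entry the only release annotation is "[jessie] - sqlite3 <not-affected>", so the new "{DLA-2340-1}" tag is not tied to any suite in these lines. A reader triaging from this entry alone cannot tell which suite the advisory fixed; confirm that the advisory's own record names the suite and the fixed version.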
@@ -23527,6 +23528,7 @@ CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 7.99.13.604,
 CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
 	NOT-FOR-US: Fork CMS
 CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
+	{DLA-2340-1}
 	- sqlite3 3.32.0-1
 	[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
@@ -23538,6 +23540,7 @@ CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the
 	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
 	NOTE: https://sqlite.org/src/info/eca0ba2cf4c0fdf7
 CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...)
+	{DLA-2340-1}
 	- sqlite3 3.32.0-1
 	[jessie] - sqlite3 <not-affected> (Vulnerable code not found)
 	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
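Review bot: The jessie annotation under CVE-2020-13630 reads "(Vulnerable code not found)", while the same annotation for CVE-2020-13632 and CVE-2020-13871 reads "(Vulnerable code not present)". "Not found" can be read as a search that came up empty rather than a confirmed absence; if the two mean the same thing, use one wording so the entries can be searched consistently.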
@@ -23959,7 +23962,7 @@ CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCod
 	NOTE: https://www.sqlite.org/src/info/ad7bb70af9bb68d1
 	NOTE: https://www.sqlite.org/src/info/572105de1d44bca4
 CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf  ...)
-	{DLA-2221-1}
+	{DLA-2340-1 DLA-2221-1}
 	- sqlite3 3.32.1-1
 	[buster] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://www.sqlite.org/src/info/23439ea582241138
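Review bot: CVE-2020-13434 now carries two LTS advisories, "{DLA-2340-1 DLA-2221-1}", while the line below still has "[buster] - sqlite3 <no-dsa> (Minor issue)". Check that the buster triage is still intended, so that the newer release does not end up behind the older ones on this integer overflow.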
@@ -29361,7 +29364,7 @@ CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a u
 	NOTE: https://www.sqlite.org/src/info/b64674919f673602
 	NOTE: Negliglible security impact (and uncovered in DEBUG build)
 CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...)
-	{DLA-2203-1}
+	{DLA-2340-1 DLA-2203-1}
 	- sqlite3 3.31.1-5
 	[buster] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c
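Review bot: Typo in the context NOTE at the top of this hunk: "Negliglible security impact" should read "Negligible". Worth a follow-up edit, since the free-text notes are what people search when triaging.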
@@ -46271,6 +46274,7 @@ CVE-2019-20220 (In Support Incident Tracker (SiT!) 3.67, the search_id parameter
 CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor i ...)
 	NOT-FOR-US: ngiflib
 CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...)
+	{DLA-2340-1}
 	- sqlite3 3.30.1+fossil191229-1
 	[buster] - sqlite3 <no-dsa> (Minor issue)
 	[jessie] - sqlite3 <no-dsa> (Minor issue)
@@ -68344,6 +68348,7 @@ CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security sensit
 CVE-2019-16149
 	RESERVED
 CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...)
+	{DLA-2340-1}
 	- sqlite3 3.29.0-2
 	[buster] - sqlite3 <no-dsa> (Minor issue)
 	[jessie] - sqlite3 <no-dsa> (Minor issue)
@@ -88060,10 +88065,12 @@ CVE-2019-9939 (The SHAREit application before 4.0.36 for Android allows a remote
 CVE-2019-9938 (The SHAREit application before 4.0.42 for Android allows a remote atta ...)
 	NOT-FOR-US: SHAREit
 CVE-2019-9937 (In SQLite 3.27.2, interleaving reads and writes in a single transactio ...)
+	{DLA-2340-1}
 	- sqlite3 3.27.2-2 (low; bug #925290)
 	[jessie] - sqlite3 <not-affected> (fts5 introducded later, function not available for fts3)
 	NOTE: https://sqlite.org/src/info/45c73deb440496e8
 CVE-2019-9936 (In SQLite 3.27.2, running fts5 prefix queries inside a transaction cou ...)
+	{DLA-2340-1}
 	- sqlite3 3.27.2-2 (low; bug #925289)
 	[jessie] - sqlite3 <not-affected> (fts5 introducded later, function not available for fts3)
 	NOTE: https://sqlite.org/src/info/b3fa58dd7403dbd4
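Review bot: Both jessie annotations in this hunk misspell "introduced" as "introducded". Separately, the annotations record CVE-2019-9937 and CVE-2019-9936 as fts5 issues, so it would help to confirm that the suite covered by DLA-2340-1 ships fts5; otherwise the new tag marks a fix for code that release does not have.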
@@ -99891,7 +99898,7 @@ CVE-2019-5828 (Object lifecycle issue in ServiceWorker in Google Chrome prior to
 	- chromium 75.0.3770.80-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2019-5827 (Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3 ...)
-	{DSA-4500-1}
+	{DSA-4500-1 DLA-2340-1}
 	- chromium 75.0.3770.80-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 	- sqlite3 3.27.2-3
@@ -106130,7 +106137,7 @@ CVE-2018-20507 (An issue was discovered in GitLab Enterprise Edition 11.2.x thro
 	- gitlab 11.5.6+dfsg-1 (bug #918086)
 	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20506 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...)
-	{DLA-1613-1}
+	{DLA-2340-1 DLA-1613-1}
 	- sqlite3 3.25.3-1
 	NOTE: https://sqlite.org/src/info/940f2adc8541a838
 CVE-2018-20505 (SQLite 3.25.2, when queries are run on a table with a malformed PRIMAR ...)
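Review bot: CVE-2018-20506 already had DLA-1613-1 and now gains DLA-2340-1, with no suite annotation in the entry to tell the two apart. A NOTE line saying whether the new advisory covers a different suite or follows up on the earlier fix would save readers from looking up both advisories.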
@@ -107283,7 +107290,7 @@ CVE-2018-20174 (rdesktop versions up to and including v1.8.3 contain an Out-Of-B
 CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection vi ...)
 	NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2018-20346 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...)
-	{DSA-4352-1 DLA-1613-1}
+	{DSA-4352-1 DLA-2340-1 DLA-1613-1}
 	- sqlite3 3.25.3-1
 	- chromium 71.0.3578.80-1
 	NOTE: https://blade.tencent.com/magellan/index_en.html
@@ -145236,7 +145243,7 @@ CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an authe
 	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2846/
 	NOTE: https://sourceforge.net/p/squirrelmail/code/14751/
 CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a  ...)
-	{DLA-1633-1}
+	{DLA-2340-1 DLA-1633-1}
 	- sqlite3 3.22.0-2 (bug #893195)
 	[wheezy] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/967defee34aab59fa1fddaef1ea9cced5e7d8e83
