[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: triage CVE-2020-9327/sqlite3 in jessie

Roberto C. Sánchez roberto at debian.org
Sat Feb 22 16:30:07 GMT 2020 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95f95f1a by Roberto C. Sánchez at 2020-02-22T11:29:11-05:00
LTS: triage CVE-2020-9327/sqlite3 in jessie

- - - - -
c9f44d44 by Roberto C. Sánchez at 2020-02-22T11:29:52-05:00
LTS: remove sqlite3 from dla-needed.txt, no open vulnerabilities

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,6 +18,7 @@ CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to tri
 	- sqlite3 3.31.1-3 (bug #951835)
 	[buster] - sqlite3 <no-dsa> (Minor issue)
 	[stretch] - sqlite3 <no-dsa> (Minor issue)
+	[jessie] - sqlite3 <not-affected> (vulnerable code not present)
 	NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
 	NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
 	NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900


=====================================
data/dla-needed.txt
=====================================
@@ -77,8 +77,6 @@ slurm-llnl
   NOTE: 20191125: up for testing https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc
   NOTE: Regression found. (abhijith)
 --
-sqlite3 (Roberto C. Sánchez)
---
 squid3 (Markus Koschany)
   NOTE: 20191210: CVE-2019-12523 and CVE-2019-18676 Requires new API SBuf.
   NOTE: 20200116: Researched other distros to see if any had backported the fixes.  No luck.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9860148204408e18998f2055c83d5d2080a12bf6...c9f44d44743b995717f0a7a7fc8514dd48f3ee98

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9860148204408e18998f2055c83d5d2080a12bf6...c9f44d44743b995717f0a7a7fc8514dd48f3ee98
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200222/ce541638/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list