[Git][security-tracker-team/security-tracker][master] Revert "Update status on CVE-2019-19242/sqlite3"

Salvatore Bonaccorso carnil at debian.org
Sat Jan 11 22:51:17 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff8e9ea0 by Salvatore Bonaccorso at 2020-01-11T23:49:18+01:00
Revert "Update status on CVE-2019-19242/sqlite3"

The issue is actually about mishandling pExpr->y.pTab, in
sqlite3ExprCodeTarget in expr.c. Whilst the issue was triggerable in
the 'generated column' case it's not assured that there is no issue in
previous versions.

To play on the safe side, rather continue to mark it accordingly as affected
where in expr.c in sqlite3ExprCodeTarget pExpr->y.pTab is not checked.
This is at least the case for the 3.30.1-1 version which was in unstable
at some point.

This reverts commit 93af29d7d3c705b331d75466ef48c2f8418c613c.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13323,7 +13323,8 @@ CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a s
 CVE-2019-19243
 	RESERVED
 CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_C ...)
-	- sqlite3 <not-affected> (Generated column support added later)
+	- sqlite3 3.30.1+fossil191229-1
+	[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
 CVE-2019-19241 (In the Linux kernel before 5.4.2, the io_uring feature leads to reques ...)
 	- linux 5.3.15-1
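Review bot: The restored `- sqlite3 3.30.1+fossil191229-1` line has no accompanying NOTE saying why versions without generated-column support are still tracked as affected, so the reasoning lives only in the commit message and the removed `<not-affected> (Generated column support added later)` status could be reintroduced by a later triager. Consider adding a NOTE under the existing upstream commit NOTE stating that the criterion is the unchecked pExpr->y.pTab in sqlite3ExprCodeTarget in expr.c, not the presence of generated columns. The `[jessie] ... (Vulnerable code not present)` line would also benefit from naming what was checked, since it uses a different justification from the one the commit message gives for the other versions.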



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff8e9ea0790e20bbd98b31e1b6a57c98eb87619a
