[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-20218 CVE-2019-19645 CVE-2019-19603 as no-dsa for Jessie
Thorsten Alteholz
alteholz at debian.org
Mon Jan 27 09:49:38 GMT 2020
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
259e05d1 by Thorsten Alteholz at 2020-01-27T10:49:20+01:00
mark CVE-2019-20218 CVE-2019-19645 CVE-2019-19603 as no-dsa for Jessie
- - - - -
ee086ecf by Thorsten Alteholz at 2020-01-27T10:49:20+01:00
all CVEs for sqlite3 marked as no-dsa
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6300,6 +6300,7 @@ CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH s
- sqlite3 3.30.1+fossil191229-1
[buster] - sqlite3 <no-dsa> (Minor issue)
[stretch] - sqlite3 <no-dsa> (Minor issue)
+ [jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
CVE-2019-20217
RESERVED
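Review bot: on the added [jessie] line, the entry's description ties the bug to "SQLite 3.30.1" and nothing in the entry records whether the selectExpander code path in select.c is present in jessie's sqlite3. If the jessie source was checked and the code is absent, "<not-affected> (Vulnerable code not present)" would describe the state more accurately than "<no-dsa> (Minor issue)". If it is present, a short NOTE saying the jessie source was checked would make the triage auditable.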
@@ -13287,6 +13288,7 @@ CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger inf
- sqlite3 3.30.1+fossil191229-1 (bug #946612)
[buster] - sqlite3 <no-dsa> (Minor issue)
[stretch] - sqlite3 <no-dsa> (Minor issue)
+ [jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
CVE-2019-19644
RESERVED
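Review bot: the added [jessie] line reuses "(Minor issue)" for an entry whose description reads "through 3.30.1", which puts jessie inside the affected range. A few words on why the alter.c recursion is minor for jessie would help later readers, since the same justification is copied across buster, stretch and jessie without any reasoning. Separately, the NOTE here is a bare commit URL, while the CVE-2019-20218 entry uses "NOTE: Fixed by:". Using the same prefix would keep the sqlite3 entries consistent.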
@@ -13417,6 +13419,7 @@ CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a nonexi
- sqlite3 3.30.1+fossil191229-1
[buster] - sqlite3 <no-dsa> (Minor issue)
[stretch] - sqlite3 <no-dsa> (Minor issue)
+ [jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of ...)
- texlive-bin <unfixed> (unimportant; bug #949630)
=====================================
data/dla-needed.txt
=====================================
@@ -114,10 +114,6 @@ slurm-llnl
NOTE: 20191125: up for testing https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc
NOTE: Regression found. (abhijith)
--
-sqlite3 (Thorsten Alteholz)
- NOTE: 20191212: look at no-dsa as well
- NOTE: 20200126: WIP
---
squid3
NOTE: 20191210: CVE-2019-12523 and CVE-2019-18676 Requires new API SBuf.
NOTE: 20200116: Researched other distros to see if any had backported the fixes. No luck.
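Review bot: dropping the sqlite3 entry here rests on the commit message "all CVEs for sqlite3 marked as no-dsa", but this push only shows three CVEs gaining a [jessie] line in data/CVE/list. Before removing the entry from dla-needed.txt, confirm that no other open sqlite3 CVE remains for jessie, and consider naming the CVE ids in the message of ee086ecf as 259e05d1 does, so the removal of the "20200126: WIP" note can be traced to a decision.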
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/564c8456ed5a28be9b333a2f3b03062e750b537c...ee086ecf306074d40a50ae749b8549a900ddb866