[Git][security-tracker-team/security-tracker][master] one sqlite3 issue n/a for buster
Moritz Muehlenhoff
jmm at debian.org
Thu Oct 1 22:18:31 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
75f51891 by Moritz Muehlenhoff at 2020-10-01T23:18:17+02:00
one sqlite3 issue n/a for buster
add more git mirror commit refs for sqlite3 in addition to the crude fossil links
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33946,6 +33946,9 @@ CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of serv
NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c
NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed
NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
+ NOTE: https://github.com/sqlite/sqlite/commit/3251a2031bfd29f338a5fda1a08c18878296d354
+ NOTE: https://github.com/sqlite/sqlite/commit/c415d91007e1680e4eb17def583b202c3c83c718
+ NOTE: https://github.com/sqlite/sqlite/commit/4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae
CVE-2020-11654
RESERVED
CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...)
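Review bot: the three GitHub links added at the end of the CVE-2020-11655 entry carry no label, while the fossil notes directly above them distinguish "Issue covered before:" from "Fixed by:". Give each mirror link the same kind of prefix, or name the fossil check-in it mirrors, so that someone backporting can tell the fix commit from the related ones without opening all three.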
@@ -39232,9 +39235,8 @@ CVE-2020-9796
CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- - sqlite3 <undetermined>
- NOTE: https://vuldb.com/?id.155768
- NOTE: As usual Apple advisories are too unspecific
+ NOT-FOR-US: sqlite3 as used by Apple
+ NOTE: No details available due to typical Apple intransparency
CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...)
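Review bot: in CVE-2020-9794, replacing the package line "- sqlite3 <undetermined>" with "NOT-FOR-US: sqlite3 as used by Apple" removes the entry from sqlite3 tracking and also deletes the vuldb.com reference, and the commit message mentions neither change. Consider keeping "NOTE: https://vuldb.com/?id.155768" so there is still a starting point if details are published later, and add a line to the commit message covering this reclassification.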
@@ -40418,6 +40420,8 @@ CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to tri
NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
+ NOTE: https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
+ NOTE: https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21
CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...)
NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac
CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...)
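Review bot: two GitHub commits are added to CVE-2020-9327 below at least three fossil check-ins, and nothing says which check-ins they mirror. Either add the remaining mirror commit or annotate each new NOTE with the fossil hash it corresponds to, so the two lists can be compared at a glance.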
@@ -61303,7 +61307,7 @@ CVE-2019-19243
RESERVED
CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_C ...)
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <not-affected> (Vulnerable code not present)
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
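Review bot: the buster line for CVE-2019-19242 moves from "<no-dsa> (Minor issue)" to "<not-affected> (Vulnerable code not present)" without any NOTE recording what the decision rests on. The stretch line gives a different reason ("Vulnerable code introduced later"); if the same finding applies to buster, use the same wording and add a NOTE naming the introducing commit or the buster version that was checked, so the change can be verified later.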
@@ -73073,6 +73077,7 @@ CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c ca
NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6
NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0
+ NOTE: https://github.com/sqlite/sqlite/commit/725dd72400872da94dcfb6af48128905b93d57fe
CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
NOT-FOR-US: Sakai
CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal article titl ...)
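Review bot: the GitHub link added to CVE-2019-16168 sits directly after the "Introduced by:" note and has no label of its own, so it can be read as either the fix or the introducing commit. Prefix it with "Fixed by:" or "Introduced by:" as appropriate, or place it next to the fossil line it mirrors.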
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75f51891dccb4590375a8b964baacb863788c204