[Git][security-tracker-team/security-tracker][master] LTS: Mark CVE-2019-8457/{db5.3,sqlite3} as ignored

Roberto C. Sánchez (@roberto) roberto at debian.org
Sat Jun 3 14:45:11 BST 2023 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd91ffaa by Roberto C. Sánchez at 2023-06-03T09:44:52-04:00
LTS: Mark CVE-2019-8457/{db5.3,sqlite3} as ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -298717,11 +298717,11 @@ CVE-2019-8458 (Check Point Endpoint Security Client for Windows, with Anti-Malwa
 CVE-2019-8457 (SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-o ...)
 	- db5.3 5.3.28+dfsg1-0.9 (bug #1010974)
 	[bullseye] - db5.3 <no-dsa> (Minor issue)
-	[buster] - db5.3 <no-dsa> (Minor issue)
-	[stretch] - db5.3 <no-dsa> (Minor issue)
+	[buster] - db5.3 <ignored> (vulnerable code is present but unused in Debian, and fix is too risky to backport)
+	[stretch] - db5.3 <ignored> (vulnerable code is present but unused in Debian, and fix is too risky to backport)
 	- sqlite3 3.27.2-3 (bug #929775)
-	[stretch] - sqlite3 <no-dsa> (Minor issue; can be fixed via point release)
-	[jessie] - sqlite3 <no-dsa> (Minor issue)
+	[stretch] - sqlite3 <ignored> (vulnerable code is present but unused in Debian, and fix is too risky to backport)
+	[jessie] - sqlite3 <ignored> (vulnerable code is present but unused in Debian, and fix is too risky to backport)
 	- sqlite <not-affected> (rtree extension not present in v2)
 	NOTE: Fixed by: https://www.sqlite.org/src/info/90acdbfce9c08858
 	NOTE: Make the internal dynamic string interface available to extensions:



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd91ffaa5d850d1ec5fecd0fb75ed4d28ba468f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd91ffaa5d850d1ec5fecd0fb75ed4d28ba468f0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230603/ab8add16/attachment.htm>

More information about the debian-security-tracker-commits mailing list