[Git][security-tracker-team/security-tracker][master] add note to CVE-2020-13434/CVE-2015-3416 (sqlite) with additional
Tobias Frost (@tobi)
tobi at debian.org
Sun May 14 07:56:23 BST 2023
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cbcada12 by Tobias Frost at 2023-05-14T08:56:03+02:00
add note to CVE-2020-13434/CVE-2015-3416 (sqlite) with additional
information why this is not affecting sqlite2.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -226233,6 +226233,7 @@ CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vap
NOTE: https://www.sqlite.org/src/info/23439ea582241138
NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
NOTE: https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
+ NOTE: floating point precision limit safeguards are present in sqlite (V2), refactoring in V3 made it vulnerable.
CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
NOT-FOR-US: Jason2605 AdminPanel
CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...)
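Review bot: The added NOTE under CVE-2020-13434 names the software as "sqlite (V2)" and "V3" and never states the triage conclusion, so a reader has to infer both which source package is meant and that the result is "not affected". The commit message says the point is that sqlite2 is not affected; the note should say so directly and use the source package name, for example "sqlite (2.x) not affected: float precision is capped before formatting; the cap was lost in the 3.x refactoring". The CVE description on the first line of the hunk is about an integer overflow in the sqlite3_str_vap... code path, so it would also help to tie "floating point precision limit" to that overflow in a few words, since the connection is not obvious from the note alone.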
@@ -471942,6 +471943,7 @@ CVE-2015-3416 (The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 d
NOTE: http://www.sqlite.org/src/info/c494171f77dc2e5e
NOTE: http://seclists.org/bugtraq/2015/Apr/97
NOTE: https://lists.debian.org/debian-lts/2015/06/msg00031.html
+ NOTE: width/precision limit safeguards are present in sqlite (V2), refactoring in V3 made it vulnerable.
CVE-2015-3415 (The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not ...)
{DSA-3252-1}
- sqlite3 3.8.9-1 (bug #783968)
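Review bot: The added NOTE under CVE-2015-3416 asserts that "refactoring in V3 made it vulnerable" without pointing at anything a later triager can check, while every other NOTE in this entry is a URL to a commit, advisory or list post. Please add a reference for the claim, such as the file and function in the 2.x source where the width/precision safeguard lives, or a link to the analysis behind it. The wording also differs from the companion note in the first hunk ("floating point precision limit" there, "width/precision limit" here); if the two CVEs were checked against different safeguards that is fine, but it is worth making the distinction explicit so the notes do not read as a copy-and-paste variation.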
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbcada128cbf8ff06fb564e46dc3396761796c35