[Git][security-tracker-team/security-tracker][master] Update information for CVE-2021-31239/sqlite

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 22 20:08:51 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8b78f31 by Salvatore Bonaccorso at 2023-05-22T21:07:15+02:00
Update information for CVE-2021-31239/sqlite

The referenced URL leads to a 404, isolate the commit and use the full
commit hash. As the feature was intorduced only in the 3.22.0 version,
mark the whole sqlite entry as not-affected, as sqlite was in version
2.8.17-15 latest in unstable.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -152393,11 +152393,10 @@ CVE-2021-31239 (An issue found in SQLite SQLite3 v.3.35.4 that allows a remote a
 	- sqlite3 3.36.0-2
 	[bullseye] - sqlite3 <no-dsa> (Minor issue)
 	[buster] - sqlite3 <no-dsa> (Minor issue)
-	- sqlite <removed>
-	[buster] - sqlite <not-affected> (Vulnerable feature introduced later)
+	- sqlite <not-affected> (Vulnerable code not present)
 	NOTE: https://www.sqlite.org/forum/forumpost/d9fce1a89b
 	NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/6536c4f18e3dd37084c902f965631ff28248d8c7 (version-3.36.0)
-	NOTE: Vulnerable feature introduced with: https://github.com/sqlite/sqlite/commit/3be8b1ac at 3.22.0 (https://sqlite.org/releaselog/3_22_0.html)
+	NOTE: Vulnerable feature introduced with: https://github.com/sqlite/sqlite/commit/3be8b1a4f7848c1d67324893f4ac9cace8c06eb0 (version-3.22.0, https://sqlite.org/releaselog/3_22_0.html)
 CVE-2021-31238
 	RESERVED
 CVE-2021-31237



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8b78f311d2c6bd9ddccef446a87d1522967b813

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8b78f311d2c6bd9ddccef446a87d1522967b813
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230522/682af052/attachment.htm>

More information about the debian-security-tracker-commits mailing list