[Git][security-tracker-team/security-tracker][master] lts: CVE-2025-43967/sqlite3: mark as not-affected in bullseye
Paride Legovini (@paride)
paride at debian.org
Sun Aug 17 23:34:36 BST 2025
Paride Legovini pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97d3c7f6 by Paride Legovini at 2025-08-18T00:26:20+02:00
lts: CVE-2025-43967/sqlite3: mark as not-affected in bullseye
The CVE mentions 3.39.2 as the first affected version, but I can only be
sure the problematic code got introduced in or after 3.39.0. To err on
the side of caution I'm mentioning 3.39.0 as the first affected version.
The Ubuntu security team reached similar conclusions [1].
[1] https://ubuntu.com/security/CVE-2025-7458#notes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5222,6 +5222,7 @@ CVE-2025-7497 (A maliciously crafted PRT file, when parsed through certain Autod
NOT-FOR-US: Autodesk
CVE-2025-7458 (An integer overflow in the sqlite3KeyInfoFromExprList function in SQLi ...)
- sqlite3 3.42.0-1
+ [bullseye] - sqlite3 <not-affected> (Vulnerable code introduced in 3.39.0)
NOTE: https://sqlite.org/forum/forumpost/16ce2bb7a639e29b
NOTE: https://sqlite.org/src/info/12ad822d9b827777
CVE-2025-6730 (The Bonanza \u2013 WooCommerce Free Gifts Lite plugin for WordPress is ...)
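Review bot: The added `[bullseye]` line sits under the CVE-2025-7458 entry, while the commit subject names CVE-2025-43967. If CVE-2025-7458 is the one meant, the subject should say so, so that a history search by CVE id finds this change. The parenthetical also reads "Vulnerable code introduced in 3.39.0" as a settled fact, whereas the commit message says only that the code arrived in or after 3.39.0 and that 3.39.0 was chosen to err on the side of caution. Consider wording the annotation to match (for example "introduced in 3.39.0 or later") or adding a NOTE line that points to the Ubuntu notes cited in the message, so the reasoning is visible in data/CVE/list itself.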
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97d3c7f6c4bae72566270ec16eccd0866853c780