[Git][security-tracker-team/security-tracker][master] Update status for some old py-lmdb issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 19 06:45:27 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c153786f by Salvatore Bonaccorso at 2026-03-19T07:43:32+01:00
Update status for some old py-lmdb issues

Back in 2024 upstream said:

        After taking a second look and actually trying the above
        exploit, I take back everything I said before. This looks like
        real vulns (but not exploits, but could be turned into exploits
        fairly easily). Still, this isn't in py-lmdb but in the upstream
        lmdb library.

        These exploits need to be converted into pure C lmdb code and
        reported upstream.

and then subsequently fixed it
https://github.com/jnwatson/py-lmdb/pull/429 . Update the status
removing the 'non-security' impact tracking (but still is likely
no-dsa), and reference the MR fixing the issues.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -566402,30 +566402,25 @@ CVE-2019-16229 (drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5
 	NOTE: Requires memory allocation failure during device probe, so unlikely to
 	NOTE: be exploitable, and then it's only a local DoS.
 CVE-2019-16228 (An issue was discovered in py-lmdb 0.97. There is a divide-by-zero err ...)
-	- py-lmdb <unfixed> (unimportant)
+	- py-lmdb <unfixed>
 	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
-	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
-	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
+	NOTE: https://github.com/jnwatson/py-lmdb/pull/429
 CVE-2019-16227 (An issue was discovered in py-lmdb 0.97. For certain values of mn_flag ...)
-	- py-lmdb <unfixed> (unimportant)
+	- py-lmdb <unfixed>
 	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
-	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
-	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
+	NOTE: https://github.com/jnwatson/py-lmdb/pull/429
 CVE-2019-16226 (An issue was discovered in py-lmdb 0.97. mdb_node_del does not validat ...)
-	- py-lmdb <unfixed> (unimportant)
+	- py-lmdb <unfixed>
 	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
-	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
-	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
+	NOTE: https://github.com/jnwatson/py-lmdb/pull/429
 CVE-2019-16225 (An issue was discovered in py-lmdb 0.97. For certain values of mp_flag ...)
-	- py-lmdb <unfixed> (unimportant)
+	- py-lmdb <unfixed>
 	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
-	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
-	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
+	NOTE: https://github.com/jnwatson/py-lmdb/pull/429
 CVE-2019-16224 (An issue was discovered in py-lmdb 0.97. For certain values of md_flag ...)
-	- py-lmdb <unfixed> (unimportant)
+	- py-lmdb <unfixed>
 	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
-	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
-	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
+	NOTE: https://github.com/jnwatson/py-lmdb/pull/429
 CVE-2019-16223 (WordPress before 5.2.3 allows XSS in post previews by authenticated us ...)
 	{DSA-4599-1 DLA-1960-1}
 	- wordpress 5.2.3+dfsg1-1 (bug #939543)
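Review bot: In all five py-lmdb entries (CVE-2019-16224 through CVE-2019-16228) the new NOTE is a bare link to pull/429 with no indication that it is the fix, while the package line stays at `<unfixed>`, so a reader of data/CVE/list cannot tell whether the PR is a fix, a discussion or a report. Consider writing it as "NOTE: Fixed by: https://github.com/jnwatson/py-lmdb/pull/429" and, once the first release containing it is known, replacing `<unfixed>` with that version. The removed NOTE lines were also the only place that recorded that the defect is in the underlying lmdb library rather than in py-lmdb itself, which the commit message repeats from upstream; a short NOTE keeping that pointer would help anyone checking whether other consumers of the library are affected. Finally, the commit message says the issues are still likely no-dsa, but no per-release no-dsa line is added here, so dropping "(unimportant)" leaves these entries open with no triage state.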



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c153786fb0b3df830246c9d4410cfc84987ded0b
