Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3f4b7cb by Markus Koschany at 2018-12-19T21:37:14Z
Magellan issue for sqlite: Add more information

Link to Fedora and Red Hat bugs manually as long as no official CVE has been
assigned.

Link to Fedora patch and related upstream commit which was done before 3.25.3
was released. In 3.26.0 a new option was introduced, SQLITE_DBCONFIG_DEFENSIVE,
that also can prevent attackers from exploiting the issue. However it seems to
be more intrusive than the other fix.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -314,6 +314,10 @@ CVE-2018-XXXX ["Magellan" remote code execution 
vulnerability]
        - chromium 71.0.3578.80-1
        [stretch] - chromium-browser 71.0.3578.80-1~deb9u1
        NOTE: https://blade.tencent.com/magellan/index_en.html
+       NOTE: RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1659379
+       NOTE: Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1659677
+       NOTE: Fedora patch: 
https://src.fedoraproject.org/rpms/sqlite/c/d8da047b90b7eff583c50bf7fa7dc3bc37414249?branch=f28
+       NOTE: Upstream change: https://www.sqlite.org/src/info/940f2adc8541a838
        TODO: check, sqlite3 possibly fixed already in 3.25.3-1 (and not only 
in 3.26.0-1) as per chromium change
 CVE-2018-20172 (An issue was discovered in Nagios XI before 5.5.8. The rss_url 
...)
        NOT-FOR-US: Nagios XI
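
Review bot: The version reasoning given in the commit message is not carried into the added NOTE lines, so the unchanged TODO directly below them ("sqlite3 possibly fixed already in 3.25.3-1") still reads as an open question with nothing in the entry itself to help settle it. Consider one more NOTE saying that the linked upstream change was made before 3.25.3 was released and that 3.26.0 introduces SQLITE_DBCONFIG_DEFENSIVE as a separate mitigation, so that whoever resolves the TODO does not have to find this commit log. Minor style point on the first added line: the label is written "RedHat:" while the commit message writes "Red Hat"; pick one spelling.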



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a3f4b7cb9242ffe12bd73b1d8abe1d6c1686fbf9
