Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: a3f4b7cb by Markus Koschany at 2018-12-19T21:37:14Z Magellan issue for sqlite: Add more information Link to Fedora and Red Hat bugs manually as long as no official CVE has been assigned. Link to Fedora patch and related upstream commit which was done before 3.25.3 was released. In 3.26.0 a new option was introduced, SQLITE_DBCONFIG_DEFENSIVE, that also can prevent attackers from exploiting the issue. However it seems to be more intrusive than the other fix. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -314,6 +314,10 @@ CVE-2018-XXXX ["Magellan" remote code execution vulnerability] - chromium 71.0.3578.80-1 [stretch] - chromium-browser 71.0.3578.80-1~deb9u1 NOTE: https://blade.tencent.com/magellan/index_en.html + NOTE: RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1659379 + NOTE: Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1659677 + NOTE: Fedora patch: https://src.fedoraproject.org/rpms/sqlite/c/d8da047b90b7eff583c50bf7fa7dc3bc37414249?branch=f28 + NOTE: Upstream change: https://www.sqlite.org/src/info/940f2adc8541a838 TODO: check, sqlite3 possibly fixed already in 3.25.3-1 (and not only in 3.26.0-1) as per chromium change CVE-2018-20172 (An issue was discovered in Nagios XI before 5.5.8. The rss_url ...) NOT-FOR-US: Nagios XI View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a3f4b7cb9242ffe12bd73b1d8abe1d6c1686fbf9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a3f4b7cb9242ffe12bd73b1d8abe1d6c1686fbf9 You're receiving this email because of your account on salsa.debian.org.
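Review bot: The four added NOTE lines record only links, so two findings from the commit message are missing from the entry itself: that the upstream change 940f2adc8541a838 was made before 3.25.3 was released, and that 3.26.0 introduced SQLITE_DBCONFIG_DEFENSIVE as a second, more intrusive way to prevent exploitation. The first bears directly on the unchanged TODO line that follows ("sqlite3 possibly fixed already in 3.25.3-1"), so consider stating it next to the upstream link, for example `NOTE: Upstream change (before 3.25.3 was released): https://www.sqlite.org/src/info/940f2adc8541a838`, and adding a separate NOTE for the SQLITE_DBCONFIG_DEFENSIVE option. Minor: the first added line writes "RedHat" where the commit message writes "Red Hat".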
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits