Commit 68d3dd94 authored by Mike Gabriel's avatar Mike Gabriel

sqlite3 / CVE-2018-20346: unclaim sqlite3, provide rebased patch, express...

sqlite3 / CVE-2018-20346: unclaim sqlite3, provide rebased patch, express doubts, if sqlite3 in wheezy is affected, at all. Second pair of eyes needed.
parent 50e9cde6
......@@ -22,7 +22,14 @@ nss (Roberto C. Sánchez)
NOTE: 20181127: upstream issue made public; working on reproducing vulnerability (roberto)
NOTE: 20181217: Contacted Mozilla security with a request for access to the new BZ issue related to CVE-2018-12404. (roberto)
--
sqlite3 (Mike Gabriel)
sqlite3
NOTE: 20181221: research on CVE-2018-20346 (Magellan):
NOTE: 20181221: Patch rebased for sqlite3 3.7.13 (wheezy): http://paste.debian.net/1057020/ (paste never expires)
NOTE: 20181221: Not 100% sure if sqlite3 in wheezy is affected at all, it lacks the 64bit length API symbols that
NOTE: 20181221: get used by the proposed upstream fix.
NOTE: 20181221: 64bit length API: https://github.com/mackyle/sqlite/commit/1b0c494fa2e9390f0cb74563ac29bc759f74dfa1
NOTE: 20181221: unclaiming (Mike Gabriel) this package due to inactivity over X-mas and requirement for a second
NOTE: 20181221: pair of eyes from someone who is more fluent in C's memory allocation methods.
--
wireshark (Thorsten Alteholz)
--
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment