Add notes regarding CVE-2019-5827/sqlite3 to dla-needed.txt

parent bab29cd5
......@@ -126,11 +126,17 @@ ruby-omniauth
sdl-image1.2
NOTE: see libsdl2 entry.
--
sqlite3 (Jonas Meurer)
NOTE: CVE-2019-8457: The fix depends on a large former code migration. Backporting didn't succeed
NOTE: CVE-2019-8457: without huge amounts of code duplication. I sent a summary of my findings to
NOTE: CVE-2019-8457: https://lists.debian.org/debian-lts/2019/06/msg00013.html
NOTE: CVE-2019-5827: Patches look much more straight-forward, will work on them nevertheless.
sqlite3
NOTE: CVE-2019-8457: The fix depends on a large former code migration. Backporting would imply
NOTE: CVE-2019-8457: huge amounts of code duplication. See summary mail to debian-lts:
NOTE: CVE-2019-8457: https://lists.debian.org/debian-lts/2019/06/msg00013.html (mejo, 2019-06-13)
NOTE: CVE-2019-5827: No public information about the actual vulnerability available yet. The
NOTE: CVE-2019-5827: patches from sqlite3 3.27.2-3 suggest that it's related to switching to
NOTE: CVE-2019-5827: 64-bit memory allocators. There's been quite some changes related to this
NOTE: CVE-2019-5827: migration between the Jessie version and 3.27.2-3 (from unstable). We might
NOTE: CVE-2019-5827: have to look into them as well. (mejo, 2019-06-17)
NOTE: 20190617: A preliminary package with *just* the (presumably) CVE-2019-5827 patches backported:
NOTE: 20190617: https://people.debian.org/~mejo/debian/jessie-security/sqlite3_3.8.7.1-1+deb8u5.dsc
--
tomcat8 (Abhijith PA)
NOTE: 20190522: FTBFS
......
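Review bot: The sqlite3 entry header changes from "sqlite3 (Jonas Meurer)" to a bare "sqlite3", so the claim on the package is released, but the commit message only mentions adding CVE-2019-5827 notes. If handing the package back is intended, say so in the commit message or in a NOTE line, so the next person knows the work is open and why. The new notes also state that no public information on CVE-2019-5827 is available and that the preliminary package carries only the "(presumably)" relevant patches. It would help to name which changes from 3.27.2-3 were backported and whether the package was built and tested, so whoever picks this up can check the selection instead of repeating it. Minor style point: the new lines mix two date conventions, "(mejo, 2019-06-17)" as a suffix and "NOTE: 20190617:" as a prefix, where the neighbouring tomcat8 entry uses the prefix form only.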