Markus Koschany · Markus Koschany · ed9a47db · ed9a47db · ed9a47db
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -43784,7 +43784,6 @@ CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an ...)
 CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a ...)
 	- sqlite3 3.22.0-2 (bug #893195)
 	[stretch] - sqlite3 <no-dsa> (Minor issue)
-	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	[wheezy] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
 	NOTE: https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
@@ -88289,7 +88288,6 @@ CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite through
 	{DLA-1018-1}
 	- sqlite3 3.19.3-3 (bug #867618)
 	[stretch] - sqlite3 3.16.2-5+deb9u1
-	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
 	NOTE: https://sqlite.org/src/info/66de6f4a
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
@@ -114513,21 +114511,18 @@ CVE-2017-2521 (An issue was discovered in certain Apple products. iOS before 10.
 	NOTE: Not covered by security support
 CVE-2017-2520 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
 	- sqlite3 3.16.2-1
-	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=384
 	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=5694101458518016
 	NOTE: Fixed by: https://www.sqlite.org/src/info/2dc7eeb5b4d2eaf1
 CVE-2017-2519 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
 	- sqlite3 3.16.0-1
-	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=288
 	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=6739028850245632
 	NOTE: Fixed by: https://www.sqlite.org/src/info/d08b72c38ff6fae6
 CVE-2017-2518 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
 	- sqlite3 3.15.2-1
-	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	[wheezy] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=199
 	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=4603622180519936
--- a/data/DLA/list
+++ b/data/DLA/list
+[11 Jan 2019] DLA-1633-1 sqlite3 - security update
+	{CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2017-10989 CVE-2018-8740}
+	[jessie] - sqlite3 3.8.7.1-1+deb8u4
 [10 Jan 2019] DLA-1632-1 libsndfile - security update
 	{CVE-2018-19758}
 	[jessie] - libsndfile 1.0.25-9.1+deb8u3

--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -101,13 +101,6 @@ qemu (Hugo Lefeuvre)
  NOTE: CVE-2018-19665: no practical exploit at the moment + patch quite big (but easy to review, though)
  NOTE: CVE-2018-19665: this is a good candidate for no-dsa
 --
-sqlite3 (Markus Koschany)
-  NOTE: Consider to fix no-dsa issues too because they are already fixed in
-  NOTE: Stretch and later versions and sqlite3 is a widely used package.
-  NOTE: 20181221: Magellan CVE fixed, no-dsa issues untouched due to lack of time
-  NOTE: 20181221: re-added sqlite3, so that no-dsa issues stay on our radar
-  NOTE: 20181221: low-prio, pick it if all other packages are taken...
--
 sssd (Mike Gabriel)
  NOTE: 20181220: Specific fixes for older branches will be provided in January 2019. (apo)
 --