Re: Incomplete fix for CVE-2019-20218/sqlite3
Hi Moritz & Chris,
On Tue, Dec 08, 2020 at 02:37:14PM +0000, Chris Lamb wrote:
> Hi Moritz,
>
> > CVE-2019-20218 isn't fixed in Stretch/LTS. Running the reproducer:
>
Thanks for reporting this. It seems I overlooked something in my
update. I should have taken greater care.
>
> Roberto, can you follow-up on this?
>
I have claimed the package in dla-needed.txt. I will get this
straightened out (including properly confirming that the vulnerability
is fixed) in the coming days.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: