Re: Incomplete fix for CVE-2019-20218/sqlite3
Hi Moritz & Chris,
On Tue, Dec 08, 2020 at 02:37:14PM +0000, Chris Lamb wrote:
> Hi Moritz,
> > CVE-2019-20218 isn't fixed in Stretch/LTS. Running the reproducer:
Thanks for reporting this. It seems I overlooked something in my
update. I should have taken greater care.
> Roberto, can you follow-up on this?
I have claimed the package in dla-needed.txt. I will get this
straightened out (including properly confirming that the vulnerability
is fixed) in the coming days.
Roberto C. Sánchez