
Bug#784021: pu: sqlite3/3.8.7.1-1+deb8u1



user release.debian.org@packages.debian.org
usertags 784021 = pu
tags 784021 + moreinfo jessie
thanks

On 2015-05-02 10:42, László Böszörményi wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock

No. Testing isn't frozen and this is a request for an update to stable; fixed. (Oddly you got the tag in the subject (mostly) correct.)

> There are three security bugs in SQLite3 which need to be fixed for
> Jessie. I've already prepared the update and debdiff is attached.
> Security team is in the Cc in case they are also working on it or would
> like to take over.
> In short, vulnerabilities are the following.
> CVE-2015-3414 - uninitialized memory denial of service (remote).
> CVE-2015-3415 - vdbe.c sqlite3VdbeExec denial of service (remote).
> CVE-2015-3415 - printf.c sqlite3VXPrintf buffer overflow (remote).

As none of those are currently tagged no-dsa in the security tracker, I'd prefer to wait for confirmation on that. I'd have thought it made more sense to talk to them first tbh but never mind. :)

Regards,

Adam

