[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#784021: pu: sqlite3/

user release.debian.org@packages.debian.org
usertags 784021 = pu
tags 784021 + moreinfo jessie

On 2015-05-02 10:42, László Böszörményi wrote:
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

No. Testing isn't frozen and this is a request for an update to stable; fixed. (Oddly you got the tag in the subject (mostly) correct.)

There are three security bugs in SQLite3 which needs to be fixed for
Jessie. I've already prepared the update and debdiff is attached.
Security team is in the Cc in case they also working on it or would
like to take over.
In short, vulnerabilities are the following.
CVE-2015-3414 - uninitialized memory denial of service (remote).
CVE-2015-3415 - vdbe.c sqlite3VdbeExec denial of service (remote).
CVE-2015-3415 - printf.c sqlite3VXPrintf buffer overflow (remote).

As none of those are currently tagged no-dsa in the security tracker, I'd prefer to wait for confirmation on that. I'd have thought it made more sense to talk to them first tbh but never mind. :)



Reply to: