Bug#877639: jessie-pu: package sqlite3/3.8.7.1-1+deb8u3

To: "Laszlo Boszormenyi (GCS)" <gcs@debian.org>, 877639@bugs.debian.org
Subject: Bug#877639: jessie-pu: package sqlite3/3.8.7.1-1+deb8u3
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 18 Nov 2017 19:05:29 +0000
Message-id: <[🔎] 1511031929.2602.29.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 877639@bugs.debian.org
In-reply-to: <1507051401.29571.17.camel@debian.org>
References: <1507051401.29571.17.camel@debian.org> <1507051401.29571.17.camel@debian.org>

Control: tags -1 + confirmed

On Tue, 2017-10-03 at 19:23 +0200, Laszlo Boszormenyi (GCS) wrote:
> I'd like to fix CVE-2017-10989 in SQLite3 for Jessie, which is a
> heap-based buffer over-read via undersized RTree blobs.
> It's considered remotely exploitable, still marked as no-DSA by the
> Security Team. Still, worth fixing via the point update, proposed
> patch
> is attached.
> 

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Processed: Re: Bug#876944: jessie-pu: package bwm-ng/0.6-3.1
Next by Date: Processed: Re: Bug#877639: jessie-pu: package sqlite3/3.8.7.1-1+deb8u3
Previous by thread: Bug#876944: jessie-pu: package bwm-ng/0.6-3.1
Next by thread: Processed: Re: Bug#877639: jessie-pu: package sqlite3/3.8.7.1-1+deb8u3
Index(es):
- Date
- Thread