Bug#877640: stretch-pu: package sqlite3/3.16.2-5+deb9u1
Control: tags -1 + pending
On Sun, 2017-10-29 at 18:27 +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Tue, 2017-10-03 at 19:23 +0200, Laszlo Boszormenyi (GCS) wrote:
> > I'd like to fix CVE-2017-10989 in SQLite3 for Stretch, which is a
> > heap-based buffer over-read via undersized RTree blobs.
> > It's considered remotely exploitable, still marked as no-DSA by the
> > Security Team. Still, worth fixing via the point update, proposed
> > patch is attached.
> >
>
> Please go ahead.
Uploaded and flagged for acceptance.
Regards,
Adam
Reply to: