Re: "Magellan" bug in sqlite3

To: debian-security@lists.debian.org
Cc: Hideki Yamane <henrich@iijmio-mail.jp>
Subject: Re: "Magellan" bug in sqlite3
From: qmi <lista@miklos.info>
Date: Tue, 18 Dec 2018 23:36:24 +0100
Message-id: <[🔎] 20181218223623.atfeor7slcpj2em5@qmiacer>
Mail-followup-to: qmi <lista@miklos.info>, debian-security@lists.debian.org, Hideki Yamane <henrich@iijmio-mail.jp>
In-reply-to: <[🔎] 20181217142025.9b9cee78daeb1d46da1ebad2@iijmio-mail.jp>
References: <[🔎] 20181217142025.9b9cee78daeb1d46da1ebad2@iijmio-mail.jp>

Hi

This vulnerability seems to have been already handled. See URL:
https://security-tracker.debian.org/tracker/TEMP-0566326-9A899F

But no CVE assigned as this is not public yet. 

Additionally, the Tencent team's page itself on the link referred by
you state that in order to apply the fix, update to 3.26.0 version.
The Debian package in unstable/sid is already at 3.26.0-3. This also
indicates that the issue is already handled.

https://packages.debian.org/sid/sqlite3

On Mon, Dec 17, 2018 at 02:20:25PM +0900, Hideki Yamane wrote:
>  Tencent Blade Team released a security advisory about "Magellan" bug
>  in sqlite, that was fixed in upstream 3.26.0.
>  See https://blade.tencent.com/magellan/index_en.html
> 
>  CVE is not assigned yet, but we should track and try to fix it.
> 
> -- 
> Hideki Yamane <henrich@iijmio-mail.jp>

Tell me if I am wrong. 

Regards,
-- 
qmi | Debian GNU/Linux enthusiast
Email: lista@miklos.info
WWW: http://www.miklos.info
GPG: 3C4B 1364 A379 7366 7FED  260A 2208 F2CE 3FCE A0D3

Reply to:

Follow-Ups:
- Re: "Magellan" bug in sqlite3
  - From: Hideki Yamane <henrich@iijmio-mail.jp>

References:
- "Magellan" bug in sqlite3
  - From: Hideki Yamane <henrich@iijmio-mail.jp>

Prev by Date: "Magellan" bug in sqlite3
Next by Date: Re: "Magellan" bug in sqlite3
Previous by thread: "Magellan" bug in sqlite3
Next by thread: Re: "Magellan" bug in sqlite3
Index(es):
- Date
- Thread