Summary: | <dev-db/sqlite-3.28.0: use-after-free in window function leading to remote code execution (CVE-2019-5018) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | arfrever.fta |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777 | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | dev-db/sqlite-3.28.0 |
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 684840 |
Description
GLSAMaker/CVETool Bot
2019-05-13 14:20:40 UTC
amd64 stable

arm64 stable

sparc stable

x86 stable

hppa stable

arm stable

ppc64 stable

s390 stable

ppc stable

ia64 stable

alpha stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Let's give one or two weeks for M68K and SH.

(In reply to Arfrever Frehtes Taifersar Arahesis from comment #12)
> Let's give one or two weeks for M68K and SH.

They are not stable arches. Can we move on now?

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b4ecf2fe8842b5ee546ab56f81bbb470cbe91a8

commit 9b4ecf2fe8842b5ee546ab56f81bbb470cbe91a8
Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
AuthorDate: 2019-08-09 17:09:52 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-08-09 18:39:00 +0000

    dev-db/sqlite: Delete old version (3.27.2).

    Bug: https://bugs.gentoo.org/685838
    Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 dev-db/sqlite/Manifest | 3 -
 .../files/sqlite-3.27.0-full_archive-build.patch | 461 ---------------------
 .../files/sqlite-3.27.2-full_archive-tests.patch | 36 --
 dev-db/sqlite/sqlite-3.27.2.ebuild | 328 ---------------
 4 files changed, 828 deletions(-)

This issue was resolved and addressed in
GLSA 201908-09 at https://security.gentoo.org/glsa/201908-09
by GLSA coordinator Aaron Bauman (b-man).