Summary: | <dev-db/sqlite-3.30.1: multiple vulnerabilities (CVE-2019-{5827,16168}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Vaibhav Rustagi <vaibhavrustagi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | arfrever.fta, floppym, perfect007gentleman, sam |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | dev-db/sqlite-3.30.1 | ||
Runtime testing required: | --- |
Description
Vaibhav Rustagi
2019-10-14 00:22:00 UTC
Adding CVE-2019-5827: Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

(In reply to Thomas Deutschmann from comment #1)
> Adding CVE-2019-5827: Integer overflow in SQLite via WebSQL in Google Chrome
> prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap
> corruption via a crafted HTML page.

we should go with 2.30.1 for the update as it was released way back in october.

(In reply to Jory A. Pratt from comment #2)
> (In reply to Thomas Deutschmann from comment #1)
> > Adding CVE-2019-5827: Integer overflow in SQLite via WebSQL in Google Chrome
> > prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap
> > corruption via a crafted HTML page.
>
> we should go with 2.30.1 for the update as it was released way back in
> october.

err 3.30.1

ppc64 stable

hppa/sparc stable

arm64 stable

s390 stable

ia64 stable

ppc stable

arm stable

*** Bug 711194 has been marked as a duplicate of this bug. ***

Superseded by bug 711526.

Added to an existing GLSA.

This issue was resolved and addressed in GLSA 202003-16 at https://security.gentoo.org/glsa/202003-16 by GLSA coordinator Thomas Deutschmann (whissi).