Bug 23141

Summary: sqlite3 new security issues CVE-2017-13685 and CVE-2017-15286
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: RPM Packages
Assignee: Shlomi Fish <shlomif>
Status: RESOLVED OLD
QA Contact:
Severity: normal
Priority: Normal
CC: marja11
Version: 5
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: sqlite3-3.23.1-2.mga7.src.rpm
CVE:
Status comment: Patches available from Fedora

Description David Walser 2018-06-07 22:49:40 CEST
Fedora has issued an advisory today (June 7):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5NZZAIFXIBPTX4ETB4R6PJE66SVCQFLC/

Mageia 5 and Mageia 6 may also be affected.

Comment 1 David Walser 2018-06-07 22:51:09 CEST
Commit with patches from Fedora:
https://src.fedoraproject.org/cgit/rpms/sqlite.git/commit/?h=f27&id=8e781c9286ca8f3a06dc0dcd61178b95e29102d1

They didn't patch 3.22 in Fedora 28, so Cauldron may actually not be affected.

Status comment: (none) => Patches available from Fedora

Comment 2 Marja Van Waes 2018-06-08 21:28:03 CEST
Assigning to the registered maintainer.

Assignee: bugsquad => shlomif
CC: (none) => marja11

Comment 3 Shlomi Fish 2018-06-09 11:41:55 CEST
(In reply to David Walser from comment #1)
> Commit with patches from Fedora:
> https://src.fedoraproject.org/cgit/rpms/sqlite.git/commit/?h=f27&id=8e781c9286ca8f3a06dc0dcd61178b95e29102d1
> 
> They didn't patch 3.22 in Fedora 28, so Cauldron may actually not be
> affected.

See https://bugzilla.redhat.com/show_bug.cgi?id=1488884#c5

Comment 4 Shlomi Fish 2018-06-09 11:42:45 CEST
Making it in version 6.

Version: Cauldron => 6

Comment 5 Shlomi Fish 2018-06-09 11:59:10 CEST
Hi!

Version 3.22.0 in mga6 appears to already have these patches applied.

Version: 6 => 5

Comment 6 Marja Van Waes 2018-10-07 16:47:11 CEST
Closing as OLD, since Mga5 is no longer maintained.

Resolution: (none) => OLD
Status: NEW => RESOLVED