FreeBSD Bugzilla – Attachment 172028 Details for Bug 210751: security/vuxml: Security vulnerability in SQLite3 (CVE-2016-6153)
[patch] Add SQLite3 vuln entry (CVE-2016-6153)
patch_security_vuxml.patch (text/plain), 1.80 KB, created by VK on 2016-07-01 20:26:03 UTC
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 417902) >+++ security/vuxml/vuln.xml (working copy) >@@ -58,6 +58,40 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="546deeea-3fc6-11e6-a671-60a44ce6887b"> >+ <topic>SQLite3 -- Tempdir Selection Vulnerability</topic> >+ <affects> >+ <package> >+ <name>sqlite3</name> >+ <range><lt>3.13.0</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>KoreLogic security reports:</p> >+ <blockquote cite="https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt"> >+ <p>Affected versions of SQLite reject potential tempdir locations if >+ they are not readable, falling back to '.'. Thus, SQLite will favor >+ e.g. using cwd for tempfiles on such a system, even if cwd is an >+ unsafe location. Notably, SQLite also checks the permissions of '.', >+ but ignores the results of that check.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt</url> >+ <url>http://openwall.com/lists/oss-security/2016/07/01/2</url> >+ <url>http://www.sqlite.org/cgi/src/info/67985761aa93fb61</url> >+ <url>http://www.sqlite.org/cgi/src/info/b38fe522cfc971b3</url> >+ <url>http://www.sqlite.org/cgi/src/info/614bb709d34e1148</url> >+ <cvename>CVE-2016-6153</cvename> >+ </references> >+ <dates> >+ <discovery>2016-07-01</discovery> >+ <entry>2016-07-01</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="e7028e1d-3f9b-11e6-81f9-6805ca0b3d42"> > <topic>phpMyAdmin -- multiple vulnerabilities</topic> > <affects>
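Review bot: the `<affects>` block lists only `<name>sqlite3</name>`, yet the comment in this hunk's leading context says "Do not forget port variants (linux-f10-libxml2, libxml2, etc.)". If the tree carries other ports that ship SQLite (linux-* variants, for example), each needs its own `<package>` element with a matching range, otherwise installations of those ports will not be flagged by this entry. It is also worth confirming before commit that `<lt>3.13.0</lt>` matches the first release containing the three referenced sqlite.org check-ins, since the patch itself does not show where that bound comes from.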