[Touch-packages] [Bug 1700937] Re: Heap-buffer overflow in nodeAcquire

2017-08-18 Thread Marc Deslauriers
** Changed in: sqlite3 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sqlite3 in Ubuntu. https://bugs.launchpad.net/bugs/1700937 Title: Heap-buffer overflow in nodeAcquire Status i

[Touch-packages] [Bug 1700937] Re: Heap-buffer overflow in nodeAcquire

2017-07-14 Thread Seth Arnold
Even, we've triaged this as a 'low' priority for our team: https://people.canonical.com/~ubuntu- security/cve/2017/CVE-2017-10989.html -- it might be a while before fixes are released. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1700937] Re: Heap-buffer overflow in nodeAcquire

2017-07-14 Thread Even Rouault
Will there be a security package with the patch ? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sqlite3 in Ubuntu. https://bugs.launchpad.net/bugs/1700937 Title: Heap-buffer overflow in nodeAcquire Status in sqlite3 pack

Re: [Touch-packages] [Bug 1700937] Re: Heap-buffer overflow in nodeAcquire

2017-07-07 Thread Seth Arnold
On Fri, Jul 07, 2017 at 07:01:41PM -, Even Rouault wrote: > @seth There's an error regarding the SQLite version number in the CVE > text. It should read "in SQLite before 3.17.0" (and not 3.11.0) Oh that's unfortuate. I didn't say it was fixed in -any- version in my submission, because it felt

[Touch-packages] [Bug 1700937] Re: Heap-buffer overflow in nodeAcquire

2017-07-07 Thread Even Rouault
@seth There's an error regarding the SQLite version number in the CVE text. It should read "in SQLite before 3.17.0" (and not 3.11.0) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sqlite3 in Ubuntu. https://bugs.launchpad.ne

[Touch-packages] [Bug 1700937] Re: Heap-buffer overflow in nodeAcquire

2017-07-07 Thread Seth Arnold
Use CVE-2017-10989. Thanks ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10989 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sqlite3 in Ubuntu. https://bugs.launchpad.net/bugs/1700937 Title: Heap-buf

[Touch-packages] [Bug 1700937] Re: Heap-buffer overflow in nodeAcquire

2017-07-06 Thread Ubuntu Foundations Team Bug Bot
The attachment "Proposed patch to apply on top of sqlite 3.11.0" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launc

[Touch-packages] [Bug 1700937] Re: Heap-buffer overflow in nodeAcquire

2017-07-06 Thread Even Rouault
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sqlite3 in Ubuntu. https://bugs.launchpad.net/bugs/1700937 Title: Heap-buffer overflow in nodeAcquire Sta