[pkg-db-devel] Bug#872436: db5.3: CVE-2017-10140: Berkeley DB reads DB_CONFIG from cwd
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 17 12:58:11 UTC 2017
Hi
A further comment: We (security team) think it would be wise to first
have the patch exposed for a while in unstable, and look for possible
regressions if there are applications basically relying on that
behaviour (hopefully not).
Then we could look further at whether to release a DSA for it or rather go
safer via a point release and have it exposed as well for a while via
the proposed-updates queues.
I can prepare a NMU for sid if needed, will follow up with debdiff
shortly and upload to a delayed queue (10 days). If you then are fine
to either override it or having it rescheduled that would be as well
great.
Regards,
Salvatore