[Secure-testing-team] Bug#872436: db5.3: CVE-2017-10140: Berkeley DB reads DB_CONFIG from cwd
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 17 12:14:09 UTC 2017
Source: db5.3
Version: 5.3.28-9
Severity: grave
Tags: upstream security
Hi,
the following vulnerability was published for db5.3.
CVE-2017-10140[0]:
Berkeley DB reads DB_CONFIG from cwd
Fedora used the patch in [3], and according to [1], comment #9, this
has been acknowledged by upstream to be a fine solution.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-10140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1464032
[2] https://bugzilla.novell.com/show_bug.cgi?id=1043886
[3] https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
Regards,
Salvatore