Bug#876629: stretch-pu: package db5.3/5.3.28-12+deb9u1
Control: tag -1 confirmed
Hi,
On Sun, Sep 24, 2017 at 09:52:06AM +0200, Salvatore Bonaccorso wrote:
> db5.3 in stretch is affected by the CVE-2017-10140 ("Berkeley DB reads
> DB_CONFIG from cwd)", #872436. The NMU to unstable back on end of
> august has not raised any regression reports we would be aware of. We
> though think it's still safer to have it via point release
Please go ahead.
> and have it
> for a short time exposed as well via proposed-updates (once, and if
> accepted).
On that part I'm not so sure. If it's that urgent, why not a DSA?
The point release has been set for 7th October so it's not that far away.
Thanks,
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Reply to: