Re: Query on db package security vurnerablity

To: Sathishkumar N <sathishkumar.n@timesys.com>
Cc: debian-security-tracker@lists.debian.org, Siva Balasubramanian <siva.balasubramanian@timesys.com>
Subject: Re: Query on db package security vurnerablity
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 25 Feb 2019 20:17:30 +0100
Message-id: <[🔎] 20190225191730.GA15431@pisco.westfalen.local>
In-reply-to: <[🔎] CAHs3EJhtw0mLV1hDyGDXioUj37ZNEA38bjAGxmeBX288ahYijQ@mail.gmail.com>
References: <[🔎] CAHs3EJhtw0mLV1hDyGDXioUj37ZNEA38bjAGxmeBX288ahYijQ@mail.gmail.com>

On Mon, Feb 25, 2019 at 05:40:28PM +0530, Sathishkumar N wrote:
> Hi ,
> 
> Can you guys tell why the below listed cves mentioned as NOT-FOR-US in
> debian security tracker?. Is it possible to provide fix for this?

These are all fixed by Oracle for DB 6, which can't be packaged in
Debian or other distros (which are all using 5) and Oracle doesn't
disclose any vulnerability information which allows us to classify
whether 5 is affected. If you have specific information that any of
them affects DB 5 as packaged in Debian, please file a bug against
the db5.3 package.

Cheers,
        Moritz

Reply to:

References:
- Query on db package security vurnerablity
  - From: Sathishkumar N <sathishkumar.n@timesys.com>

Prev by Date: Query on db package security vurnerablity
Next by Date: DSA candidates
Previous by thread: Query on db package security vurnerablity
Index(es):
- Date
- Thread