Re: Re: BerkeleyDB CVEs

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: Re: BerkeleyDB CVEs
From: Juraj Longauer <juraj.longauer@flowbox.com>
Date: Wed, 15 Oct 2025 08:48:51 +0000
Message-id: <[🔎] AS8PR01MB8796060A86A93DDBAD51C94E93E8A@AS8PR01MB8796.eurprd01.prod.exchangelabs.com>

Hi,

A follow up questions if I may...

May I assume that when the CRITICAL CVE is identified on Berkeley DB (libdb5.3) and enough information is shared the package maintainer will fix it?

I talked to maintainer and he mentioned that library is now orphaned which suggests that the fix will not be developed?

Bastian Germann: "...The request was placed better at the Security Team. I have orphaned the pkg."

https://packages.debian.org/bookworm/libdb5.3

Thank you,

Reply to:

Follow-Ups:
- Re: Re: BerkeleyDB CVEs
  - From: Jeffrey Walton <noloader@gmail.com>

Prev by Date: Status of Intel CET in Debian
Next by Date: Re: Re: BerkeleyDB CVEs
Previous by thread: Re: Status of Intel CET in Debian
Next by thread: Re: Re: BerkeleyDB CVEs
Index(es):
- Date
- Thread