[Secure-testing-commits] r56082 - in data: . CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Sep 24 08:00:44 UTC 2017


Author: carnil
Date: 2017-09-24 08:00:44 +0000 (Sun, 24 Sep 2017)
New Revision: 56082

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
Mark db issues as no-dsa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-24 05:35:37 UTC (rev 56081)
+++ data/CVE/list	2017-09-24 08:00:44 UTC (rev 56082)
@@ -13100,6 +13100,8 @@
 CVE-2017-10140 [Berkeley DB reads DB_CONFIG from cwd]
 	RESERVED
 	- db5.3 5.3.28-13.1 (bug #872436)
+	[stretch] - db5.3 <no-dsa> (Minor issue; will be fixed via point release)
+	[jessie] - db5.3 <no-dsa> (Minor issue; will be fixed via point release)
 	- db5.2 <removed>
 	- db5.1 <removed>
 	- db4.8 <removed>
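Review bot: The two added <no-dsa> lines for db5.3 state "will be fixed via point release" as settled, but nothing in this hunk points at a point-release upload or a tracking request; the only reference is bug #872436 on the unstable fix. Consider adding a NOTE with the stable and oldstable update references once they exist, so the [stretch] and [jessie] entries can later be closed with a fixed version instead of staying at no-dsa.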
@@ -13112,6 +13114,7 @@
 	- db4.1 <removed>
 	- db4.0 <removed>
 	- db <removed>
+	[jessie] - db <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/12/1
 	NOTE: Patch as used in Fedora: https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
 	NOTE: and is acknowledged by libdb upstream, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
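Review bot: The added [jessie] line for db relies on the same point-release plan, yet the only fix referenced in the NOTE lines that follow is the Fedora patch db-5.3.28-cwd-db_config.patch, which is named for 5.3.28. These lines do not show whether that patch applies to the jessie db source; a NOTE recording which patch will be backported for db would make the entry verifiable.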

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2017-09-24 05:35:37 UTC (rev 56081)
+++ data/dsa-needed.txt	2017-09-24 08:00:44 UTC (rev 56082)
@@ -18,22 +18,6 @@
 --
 curl (ghedo)
 --
-db/oldstable
-  Needs to be seen how it's fixed by Oracle and whether it's isolatable or whether it's
-  possible to rebase to a new upstream
-  Existing applications might rely on existing behaviour, monitor in unstable for a
-  month
-  As per 2017-09-12 no obvious regressions were reported, maybe still go via a point
-  release.
---
-db5.3
-  Needs to be seen how it's fixed by Oracle and whether it's isolatable or whether it's
-  possible to rebase to a new upstream
-  Existing applications might rely on existing behaviour, monitor in unstable for a
-  month
-  As per 2017-09-12 no obvious regressions were reported, maybe still go via a point
-  release.
---
 ghostscript (carnil)
 --
 graphicsmagick
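Review bot: Removing the db/oldstable and db5.3 entries also drops the reasoning they held (applications might rely on the existing behaviour, a month of monitoring in unstable, no obvious regressions reported as per 2017-09-12), and the log message "Mark db issues as no-dsa" names neither the CVE nor that reasoning. The last removed note reads "maybe still go via a point release" while the new no-dsa reason in data/CVE/list says "will be fixed via point release"; carrying the monitoring outcome into a NOTE under CVE-2017-10140 would keep the basis for the decision on record.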



