|Summary:|sys-libs/db: Berkeley DB reads DB_CONFIG from the current working directory|
|Product:|Gentoo Security|
|Reporter:|Eddie Chapman <maracay>|
|Component:|Vulnerabilities|
|Assignee:|Gentoo Security <security>|
|Whiteboard:|A4 [upstream/ebuild cve]|
|Package list:||
|Runtime testing required:|---|
Description Eddie Chapman 2017-11-22 08:03:19 UTC
Comment 1 Eddie Chapman 2017-11-22 08:43:13 UTC
Just tested the Fedora patch (added an epatch line to the latest stable db-5.3.28-r2.ebuild) and saw that it applied without error, and it built and installed fine. Haven't tested other versions.
Comment 2 Christopher Díaz Riveros (RETIRED) 2017-11-22 16:33:49 UTC
(In reply to Eddie Chapman from comment #1)
Thanks for the report Eddie, CCing maintainers to let them know about this. @Maintainers please confirm if we are affected,
Comment 3 Robin Johnson 2017-11-22 19:10:44 UTC
Looks ok, but I'm worried about subtle breakage by consumers. I need to check if DB_HOME is set in those cases (openldap berkdb mostly).
Comment 4 Christopher Díaz Riveros (RETIRED) 2017-11-22 19:16:05 UTC
(In reply to Robin Johnson from comment #3)
> Looks ok, but I'm worried about subtle breakage by consumers. I need to
> check if DB_HOME is set in those cases (openldap berkdb mostly).

Thanks, please call for stabilization when a fixed version is available.
Comment 5 John Helmert III 2020-06-14 00:36:10 UTC