Summary: | sys-libs/db: Berkeley DB reads DB_CONFIG from the current working directory | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Eddie Chapman <maracay> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | ajak, base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1464032 | ||
Whiteboard: | A4 [upstream/ebuild cve] | ||
Package list: | Runtime testing required: | --- |
Description
Eddie Chapman
2017-11-22 08:03:19 UTC
Just tested the Fedora patch (added an epatch line to the latest stable db-5.3.28-r2.ebuild) and saw that it was applied, which it did without error, and it built and installed fine. Haven't tested other versions. (In reply to Eddie Chapman from comment #1) Thanks for the report Eddie, CCing maintainers to let them know about this. @Maintainers please confirm if we are affected, Looks ok, but I'm worried about subtle breakage by consumers. I need to check if DB_HOME is set in those cases (openldap berkdb mostly). (In reply to Robin Johnson from comment #3) > Looks ok, but I'm worried about subtle breakage by consumers. I need to > check if DB_HOME is set in those cases (openldap berkdb mostly). Thanks, please call for stabilization when a fixed version is available. Maintainer(s): Ping. |