Hi Jonathan, On Sun, Sep 24, 2017 at 02:52:03PM +0100, Jonathan Wiltshire wrote: > Control: tag -1 confirmed > > Hi, > > On Sun, Sep 24, 2017 at 09:52:06AM +0200, Salvatore Bonaccorso wrote: > > db5.3 in stretch is affected by the CVE-2017-10140 ("Berkeley DB reads > > DB_CONFIG from cwd)", #872436. The NMU to unstable back on end of > > august has not raised any regression reports we would be aware of. We > > though think it's still safer to have it via point release > > Please go ahead.
Thanks, uploaded. > > > and have it > > for a short time exposed as well via proposed-updates (once, and if > > accepted). > > On that part I'm not so sure. If it's that urgent, why not a DSA? > > The point release has been set for 7th October so it's not that far away. Hmm, not sure if I then miss-explained. It's not a mather of urgency We decided to rather have it included via a point release, and still having it exposed for some testing via the stable-proposed-updates queues, for those having it activated and doing pre-testing before the point release. Regards, Salvatore