Hi Jonathan,
On Sun, Sep 24, 2017 at 02:52:03PM +0100, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
>
> Hi,
>
> On Sun, Sep 24, 2017 at 09:52:06AM +0200, Salvatore Bonaccorso wrote:
> > db5.3 in stretch is affected by the CVE-2017-10140 ("Berkeley DB reads
> > DB_CONFIG from cwd)", #872436. The NMU to unstable back on end of
> > august has not raised any regression reports we would be aware of. We
> > though think it's still safer to have it via point release
>
> Please go ahead.
Thanks, uploaded.
>
> > and have it
> > for a short time exposed as well via proposed-updates (once, and if
> > accepted).
>
> On that part I'm not so sure. If it's that urgent, why not a DSA?
>
> The point release has been set for 7th October so it's not that far away.
Hmm, not sure if I then miss-explained. It's not a mather of urgency
We decided to rather have it included via a point release, and still
having it exposed for some testing via the stable-proposed-updates
queues, for those having it activated and doing pre-testing before the
point release.
Regards,
Salvatore
