-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : db Version : 5.1.29-5+deb7u1 CVE ID : CVE-2017-10140 Debian Bug : 872436
It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files. For Debian 7 "Wheezy", these problems have been fixed in version 5.1.29-5+deb7u1. We recommend that you upgrade your db packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlnnmWAACgkQnUbEiOQ2 gwLBOQ//WEYKg7qbbW3IOfr6xYwbmpylxqxS+lYvGY1sJ6phprZSUbfzod9TBP3P 1/cI20KvkomEpLs9ThgpMJJ41uRRFkTrfkb+rxF7hWcOABxDPLz8K9gw/YlYFnQU Zyjgdb+BjkYf4HpaoIZKe9wWJ3vepUfNQeOWHhdKXHi/8vLXwEVQaac+DFwEKkHm XO+dkV/nAgz8+G9pDqZhca7q0hcXeyZcjplN1eEXQs165ah3LwjO7MdaGF2J0eRG MQW7pk20EZIxFcFiKarEEKQ2Fuq81lunOy9vlvZNoGcfBMJGOStwgJqAhz5WoY5p 3qq+XIxcknNcc3J1psvbYRQFQ1VHpNg5AesZWkIuFxWE0QUU1VY7MuPddUORa0sh 5Uz7Fx29grfxrzm2y44EC7aEgU+C7rw9eRUA5wT9C4VwUdY+tTtggijpew+3NND3 Rk4WjDHJRnwOj6DY4SqRrAjhgHwQwc+1NAxwahooQFr1LANnB6qV0v/4AKfrGJS0 kUqsdt+SmLQQCAW9HsaVV7MY5D+Yv0BTCqHkaNz3kfVGWAg00+HOzS19oVu/+seh DyZ7Cmj+329a+OvFUvGYMuZ44gngSGMeGWX+IFIv114oz2q9Nx8lQVsUh8wdzpI6 J+ZWyc4CeGMGBETo42ZGVVflSWnQBr/MtgrxxrGWXDI2RFXpONk= =CQvd -----END PGP SIGNATURE-----
