-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : db4.8 Version : 4.8.30-12+deb7u1 CVE ID : CVE-2017-10140 Debian Bug : 872436
It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files. For Debian 7 "Wheezy", these problems have been fixed in version 4.8.30-12+deb7u1. We recommend that you upgrade your db4.8 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlnnmfkACgkQnUbEiOQ2 gwKiGw//X7W2Q3CqJaLzWm7DFvvO+FwrAyfAgGGZlF4GFuP5GlMNwUTH2Hm8q0bH 51lWsHzZn/oSqTh3aTpNDw+xwqgbv32Z1HiJ8UBobEsU3MQXR/Zz1Rj1yoaY5jHK BuSqTpB+1ON3DAs2zkCpWd8ULEAvVaDWVveRM1WVBj4A/uwye7u3bz0dqTHqqYo5 Hl7b+szPqXbDHOAZ3xMi/IZLQHwUBNYxeZ3Ioqv5N7AbjuQbJ6VsWP8RcdXjitFe EIOnvTY4fmF6tptxuD1/ECIgvNNB1yARjaHt9Z3Z/UBOsxGcr9/LboiSKNxB1xaC xbyzlte4PBji2gvfecs56SjcwDOZPqz6bPloc56uhNDxnNYmtW4KDv8bdx0JjUsY rU/VcX3H7AVHbh9Yx9M0QrrofUoQW5Fzk1yWiaewvnGxcxytPynrgRnnRz8Yv51A MBEkWv2dz07M8Alr76ZuaOiuRGD9rHZi3XTTcUsX/Se5fZXj5AeM5K1c6IOa6m84 edUxdl9IvKC4uvB+1QOX5AIjNov/JwLIiEdcelJ1KMY2WdsCpBhV8zI6b1BkDL9e k+OMyLX+hWRHsgpUMZzN8l+L6oKYnKJ2abbaJlod6Dk2+lRui2vsKaDsbzDhmw7u gw25mTkl18FZHL3O00ldTkdXjKONabqz+7anQjqLdjWVqEVseB8= =v41K -----END PGP SIGNATURE-----
