On 29/09/17 20:55, Guido Günther wrote: > Hi, > On Wed, Sep 27, 2017 at 06:48:07PM +0200, Emilio Pozuelo Monfort wrote: >> Hi, >> >> I've prepared fixes for CVE-2017-10140 which affects src:db (5.1), src:db4.7 >> and >> src:db4.8 in wheezy. Of those, the most important one is src:db, which is the >> one with actual reverse dependencies. However the other two also ship the >> shared >> library in db4.[78]-util, so I'll also fix those to be safe. >> >> I'll wait a few days to give a chance to get more testing on this, maybe even >> wait for the (old)stable point releases which will ship updates to their >> respective db versions containing this fix, to see if any regressions get >> reported. Though if you have a chance to test these in wheezy (especially >> libdb5.1) then all the better. > > I just wanted to give these a spin but didn't see any URLs to packages > or attached patches. Did I miss s.th.?
Sorry, forgot to add the URL, and your reply went to the spam folder. Here they are: https://people.debian.org/~pochu/lts/db/ Thanks! Emilio
