Hi, On Thu, Oct 05, 2017 at 10:53:26AM +0200, Emilio Pozuelo Monfort wrote: > On 29/09/17 20:55, Guido Günther wrote: > > Hi, > > On Wed, Sep 27, 2017 at 06:48:07PM +0200, Emilio Pozuelo Monfort wrote: > >> Hi, > >> > >> I've prepared fixes for CVE-2017-10140 which affects src:db (5.1), > >> src:db4.7 and > >> src:db4.8 in wheezy. Of those, the most important one is src:db, which is > >> the > >> one with actual reverse dependencies. However the other two also ship the > >> shared > >> library in db4.[78]-util, so I'll also fix those to be safe. > >> > >> I'll wait a few days to give a chance to get more testing on this, maybe > >> even > >> wait for the (old)stable point releases which will ship updates to their > >> respective db versions containing this fix, to see if any regressions get > >> reported. Though if you have a chance to test these in wheezy (especially > >> libdb5.1) then all the better. > > > > I just wanted to give these a spin but didn't see any URLs to packages > > or attached patches. Did I miss s.th.? > > Sorry, forgot to add the URL, and your reply went to the spam folder. > > Here they are: https://people.debian.org/~pochu/lts/db/
Postfix as well as Heimdal look o.k. with new libdb5.1 Cheers, -- Guido > > Thanks! > Emilio >
