Package/db4.8
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added some patchfiles

Browse Source
This commit is contained in:
Raansu
2018-03-13 02:53:21 -07:00
parent acfb2ae250
commit 6873842109
4 changed files with 71 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
CVE-2017-10140-cwd-db_config.patch Normal file
View File

@@ -0,0 +1,22 @@
Description: CVE-2017-10140: Reads DB_CONFIG from the current working directory
Do not access DB_CONFIG when db_home is not set.
Origin: vendor, https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-10140
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1464032
Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1043886
Forwarded: no
Author: Petr Kubat <pkubat@redhat.com>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2017-08-17
--- db-5.3.28/env/env_open.c.old 2017-06-26 10:32:11.011419981 +0200
+++ db-5.3.28/env/env_open.c 2017-06-26 10:32:46.893721233 +0200
@@ -473,7 +473,7 @@
env->db_mode = mode == 0 ? DB_MODE_660 : mode;
/* Read the DB_CONFIG file. */
- if ((ret = __env_read_db_config(env)) != 0)
+ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
return (ret);
/*