-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : db4.7 Version : 4.7.25-21+deb7u1 CVE ID : CVE-2017-10140 Debian Bug : 872436
It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files. For Debian 7 "Wheezy", these problems have been fixed in version 4.7.25-21+deb7u1. We recommend that you upgrade your db4.7 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlnnmmIACgkQnUbEiOQ2 gwKvaw/+IQ1j2kLyceL8rEjz/s5/LdxCrUSchGuAyS8Uf9ASECv7CthoOAkxP5hs p3VjgOXFoA0hBKFyuULLs+l7iPqL5Mbs2C30to4NUkpGjTFeGq7EFEu8UHlQBp8i MG1RV0OBbqX6bXC/O/FzW+a54WjsBUs6CaZSB46L/q6r8mHAL9o6/2y3Zuej5pP8 PgXc3Ro/ngzXxTEZbsn28KF1t7vtSwKYPKy/MVlW70j2qOTSzgyjrYlWAcJ1cWbJ qxau9PKgg8FDMaioGG9ATLg+35i1b3HtsvwEbpFIc5jr2b4/OJZ5oxd4lwGEFZhb jUaXYi5lfY7dQpvD76E2S+iPMV2GWVsLJAKLcAn+g4SmCjn85naPj8ohYwIAaMMv MOoaDQm6riLm1avj4TgNT1KC/Rurzas7DFMP3Yq4gYCc3uszWqBmdgUVL7VGB5uX GEfOngZ86bkliqStafRmLA5cwMA739OhRyG4tBqPHV/bwhK0H1bWQ/ongMRTEw66 r5hyX95bJLXm1MUERTP0yeHXzKYS6BJt/MfBd7O2Hk2+9a8ufibJnmyH1CPSlcVv CTRDx7n6UeWKETbF212LLmq8/2pUOQjTNBi8ohdSBo2IZQD+erTPLi6TQ01IEF2V ItTVWOsteVI+mElRK3B8qXb1/D5bfdDpnkbirQy3B+m2DnAYu4s= =KPfz -----END PGP SIGNATURE-----