author | Westly Ward | 2020-10-01 10:30:07 -0600 |
---|---|---|
committer | Westly Ward | 2020-10-01 10:30:07 -0600 |
commit | 90c74508217e59d57accf0a3095cd0916f765d97 (patch) | |
tree | d3d920d7b7ac3b9304559f571f31e8f4a568c413 /CVE-2017-10140-cwd-db_config.patch | |
download | aur-90c74508217e59d57accf0a3095cd0916f765d97.tar.gz |
Initial commit
Diffstat (limited to 'CVE-2017-10140-cwd-db_config.patch')
-rw-r--r-- | CVE-2017-10140-cwd-db_config.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/CVE-2017-10140-cwd-db_config.patch b/CVE-2017-10140-cwd-db_config.patch
new file mode 100644
index 000000000000..8024e3aaed9a
--- /dev/null
+++ b/CVE-2017-10140-cwd-db_config.patch
@@ -0,0 +1,22 @@
+Description: CVE-2017-10140: Reads DB_CONFIG from the current working directory
+ Do not access DB_CONFIG when db_home is not set.
+Origin: vendor, https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-10140
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1464032
+Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1043886
+Forwarded: no
+Author: Petr Kubat <pkubat@redhat.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2017-08-17
+
+--- db-5.3.28/env/env_open.c.old 2017-06-26 10:32:11.011419981 +0200
++++ db-5.3.28/env/env_open.c 2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+
+ /* Read the DB_CONFIG file. */
+- if ((ret = __env_read_db_config(env)) != 0)
++ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ return (ret);
+
+ /* |
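Review bot: The new guard in the env_open.c hunk tests only `env->db_home != NULL`, so an empty-string home, which would presumably still resolve DB_CONFIG relative to the current working directory, is not covered by the visible check. Whether such a value can reach this line depends on code outside the hunk and should be confirmed; if it can, `if (env->db_home != NULL && env->db_home[0] != '\0' && (ret = __env_read_db_config(env)) != 0)` closes that case as well. The retained comment `/* Read the DB_CONFIG file. */` no longer states the condition; I would replace it with `/* Read DB_CONFIG only when a home directory is set, never from the cwd (CVE-2017-10140). */` so the check is not later removed as redundant. The enclosing function begins and ends outside the hunk.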