Initial commit

author: Westly Ward 2020-10-01 10:30:07 -0600
committer: Westly Ward 2020-10-01 10:30:07 -0600
commit: 90c74508217e59d57accf0a3095cd0916f765d97 (patch)
tree: d3d920d7b7ac3b9304559f571f31e8f4a568c413 /CVE-2017-10140-cwd-db_config.patch
download: aur-90c74508217e59d57accf0a3095cd0916f765d97.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/CVE-2017-10140-cwd-db_config.patch b/CVE-2017-10140-cwd-db_config.patch
new file mode 100644
index 000000000000..8024e3aaed9a
--- /dev/null
+++ b/CVE-2017-10140-cwd-db_config.patch
@@ -0,0 +1,22 @@
+Description: CVE-2017-10140: Reads DB_CONFIG from the current working directory
+ Do not access DB_CONFIG when db_home is not set.
+Origin: vendor, https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-10140
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1464032
+Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1043886
+Forwarded: no
+Author: Petr Kubat <pkubat@redhat.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2017-08-17
+
+--- db-5.3.28/env/env_open.c.old	2017-06-26 10:32:11.011419981 +0200
++++ db-5.3.28/env/env_open.c	2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ 	env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+ 
+ 	/* Read the DB_CONFIG file. */
+-	if ((ret = __env_read_db_config(env)) != 0)
++	if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ 		return (ret);
+ 
+ 	/*
author	Westly Ward	2020-10-01 10:30:07 -0600
committer	Westly Ward	2020-10-01 10:30:07 -0600
commit	90c74508217e59d57accf0a3095cd0916f765d97 (patch)
tree	d3d920d7b7ac3b9304559f571f31e8f4a568c413 /CVE-2017-10140-cwd-db_config.patch
download	aur-90c74508217e59d57accf0a3095cd0916f765d97.tar.gz