authorWestly Ward2020-10-01 10:30:07 -0600
committerWestly Ward2020-10-01 10:30:07 -0600
commit90c74508217e59d57accf0a3095cd0916f765d97 (patch)
treed3d920d7b7ac3b9304559f571f31e8f4a568c413 /CVE-2017-10140-cwd-db_config.patch
Initial commit
Diffstat (limited to 'CVE-2017-10140-cwd-db_config.patch')
-rw-r--r--CVE-2017-10140-cwd-db_config.patch22
1 files changed, 22 insertions, 0 deletions
diff --git a/CVE-2017-10140-cwd-db_config.patch b/CVE-2017-10140-cwd-db_config.patch
new file mode 100644
index 00000000000..8024e3aaed9
--- /dev/null
+++ b/CVE-2017-10140-cwd-db_config.patch
@@ -0,0 +1,22 @@
+Description: CVE-2017-10140: Reads DB_CONFIG from the current working directory
+ Do not access DB_CONFIG when db_home is not set.
+Origin: vendor, https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-10140
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1464032
+Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1043886
+Forwarded: no
+Author: Petr Kubat <pkubat@redhat.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2017-08-17
+
+--- db-5.3.28/env/env_open.c.old 2017-06-26 10:32:11.011419981 +0200
++++ db-5.3.28/env/env_open.c 2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+
+ /* Read the DB_CONFIG file. */
+- if ((ret = __env_read_db_config(env)) != 0)
++ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ return (ret);
+
+ /*
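Review bot: The patched condition in env_open.c keeps the old comment `/* Read the DB_CONFIG file. */`, which no longer says when the read is skipped or why. I would replace it with `/* Read DB_CONFIG only when db_home is set; with no home the file would be looked up in the current working directory (CVE-2017-10140). */` so the guard is not removed later as redundant. The check covers only `env->db_home == NULL`. Whether an empty or relative db_home can still resolve to the working directory is not visible from this context and is worth confirming against the code that fills in db_home. The enclosing function starts and ends outside the hunk.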