Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.security > #6474
| From | Jeffrey Walton <noloader@gmail.com> |
|---|---|
| Newsgroups | linux.debian.security |
| Subject | Re: Re: BerkeleyDB CVEs |
| Date | 2025-10-15 15:50 +0200 |
| Message-ID | <LGa37-5oxa-1@gated-at.bofh.it> (permalink) |
| References | <LGa37-5oxa-3@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
On Wed, Oct 15, 2025 at 9:14 AM Juraj Longauer <juraj.longauer@flowbox.com> wrote: > > A follow up questions if I may... > > May I assume that when the CRITICAL CVE is identified on Berkeley DB (libdb5.3) and enough information is shared the package maintainer will fix it? > I talked to maintainer and he mentioned that library is now orphaned which suggests that the fix will not be developed? > Bastian Germann: "...The request was placed better at the Security Team. I have orphaned the pkg." > https://packages.debian.org/bookworm/libdb5.3 I seem to recall BerkleyDB changed its licensing way back when, and it caused projects like Debian and Fedora to freeze the version at the old, downlevel version. I doubt the package will be updated, even with a maintainer (until the license changes to something more amenable to FOSS). Or, I could be mis-remembering things because I am getting old... Jeff
Back to linux.debian.security | Previous | Next | Find similar
Re: Re: BerkeleyDB CVEs Jeffrey Walton <noloader@gmail.com> - 2025-10-15 15:50 +0200
csiph-web