[Bug 1208115] New: libdb 4.8.30 matched in rpm-4.14.3-150300.52.1.x86_64.rpm
https://bugzilla.suse.com/show_bug.cgi?id=1208115

Bug ID: 1208115
Summary: libdb 4.8.30 matched in rpm-4.14.3-150300.52.1.x86_64.rpm
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: simonalogan@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Our security scanning tool has matched libdb 4.8.30 in rpm-4.14.3-150300.52.1.x86_64.rpm as follows:

Full File Path
rpm-4.14.3-150300.52.1.x86_64.rpm/usr/lib64/librpm.so.8.2.0

Signature
0:"Berkeley DB 4.8.30:"

libdb was previously examined in https://bugzilla.suse.com/show_bug.cgi?id=1036086 and declared WONTFIX.

It's now 6 years later and our security scanner is still flagging CVE-2017-3604 - CVE-2017-3617 against libdb 4.8.30 in rpm-4.14.3-150300.52.1.x86_64.rpm

Is it possible to revisit this?

Thanks,
Simon

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1208115
https://bugzilla.suse.com/show_bug.cgi?id=1208115#c1

Marcus Meissner <meissner@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |meissner@suse.com,
                   |                            |security-team@suse.de
           Assignee|security-team@suse.de       |mls@suse.com

--- Comment #1 from Marcus Meissner <meissner@suse.com> ---
Not sure if it will ever get any attacker input in RPM.

reassign to RPM maintainer.