https://bugzilla.suse.com/show_bug.cgi?id=1208115 Bug ID: 1208115 Summary: libdb 4.8.30 matched in rpm-4.14.3-150300.52.1.x86_64.rpm Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: simonalogan@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Our security scanning tool has matched libdb 4.8.30 in rpm-4.14.3-150300.52.1.x86_64.rpm as follows: Full File Path rpm-4.14.3-150300.52.1.x86_64.rpm/usr/lib64/librpm.so.8.2.0 Signature 0:"Berkeley DB 4.8.30:" libdb was previously examined in https://bugzilla.suse.com/show_bug.cgi?id=1036086 and declared WONTFIX. It���s now 6 years later and our security scanner is still flagging CVE-2017-3604 - CVE-2017-3617 against libdb 4.8.30 in rpm-4.14.3-150300.52.1.x86_64.rpm Is it possible to revisit this? Thanks, Simon -- You are receiving this mail because: You are on the CC list for the bug.