Re: Removal of Libdb5.3

To: debian-user@lists.debian.org
Subject: Re: Removal of Libdb5.3
From: Greg Wooledge <greg@wooledge.org>
Date: Wed, 8 Nov 2023 18:37:04 -0500
Message-id: <[🔎] ZUwboHr-1GrnRAS6@wooledge.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] ZUwXvcq7vHGghmNI@mail.bitfolk.com>
References: <[🔎] SJ2PR07MB9757B1449C351013E1A458A9C1A8A@SJ2PR07MB9757.namprd07.prod.outlook.com> <[🔎] ZUwXvcq7vHGghmNI@mail.bitfolk.com>

On Wed, Nov 08, 2023 at 11:20:29PM +0000, Andy Smith wrote:
> On Wed, Nov 08, 2023 at 03:57:15PM +0000, Busireddy, Nikhitha Reddy wrote:
> 
> > We are building a project on Debian:bullseye, and due to security
> > issues, we are trying to remove libdb5.3 package.
> 
> As you have discovered, libdb3.5 is required for several essential
> parts of the Debian 12 release, such as libpam-modules.
> 
> If you can't solve your security issues you'll need to avoid using
> Debian.
> 
> It is likely that your "security issues" are that something says a
> particular version of libdb has a certain bug and must not be used,
> but you will probably find upon research that Debian has already
> patched that particular bug or is not affected by it in the first
> place.
> 
> Looking for the particular CVE number at
> https://security-tracker.debian.org/tracker/ can often help to
> resolve these sorts of issues.

It would be nice if the OP told us which issue is a concern, and why.
A quick google search turns up
<https://security-tracker.debian.org/tracker/CVE-2019-8457> but I
don't know how much of a concern that is on any given system.

(Does a default Debian installation even *have* any sqlite databases
on it?)

Reply to:

References:
- Removal of Libdb5.3
  - From: "Busireddy, Nikhitha Reddy" <nikhitha-reddy.busireddy@siemens.com>
- Re: Removal of Libdb5.3
  - From: Andy Smith <andy@strugglers.net>

Prev by Date: Re: Removal of Libdb5.3
Next by Date: Re: Removal of Libdb5.3
Previous by thread: Re: Removal of Libdb5.3
Next by thread: Re: Removal of Libdb5.3
Index(es):
- Date
- Thread