On Tue, Oct 16, 2018 at 04:58:56AM +0530, shirish शिरीष wrote: > While upgrading my system, I came across this bug (shared by apt-listbugs) . > > I wonder if there are any gdbm databases which are built and have that > database. > > The one example that was shared by6 Niko was of libmarc-charset-perl > an optional component. Maybe some core packges might be affected > though ? > > Also how do I recognize which files or package are vulnerable to this change ?
I'm not aware of a generic way to find out this. Dependencies on python-gdbm and the like might be one avenue, though on the Perl side it's not that easy as GDBM support is bundled with perl. Maybe looking for GDBM_File on codesearch.debian.net could cover that part. Of course one could locally run something like % find / -type f -print0 | xargs -0 file | grep 'GNU dbm.*old$' or something like that but that covers just just packages that are installed. So I guess part of it is just a matter of waiting for reports of breakage. (My gut feeling is that there aren't going to be too many, and I'm most concerned about unpackaged local databases on user systems.) -- Niko
