On Jan 25, Lionel Debroux <lionel_debr...@yahoo.fr> wrote: > Several days ago, jmm from the security team suggested that I start a > discussion on debian-devel about Berkeley DB, which has known security > issues, because doing so may enable finding a consensus on how to move Can you clarify the threat model? E.g. is libdb attackable by user-supplied data from the program using it or do attacks require write access to the db files?
-- ciao, Marco
signature.asc
Description: PGP signature
