On Wed, Nov 08, 2023 at 11:20:29PM +0000, Andy Smith wrote: > On Wed, Nov 08, 2023 at 03:57:15PM +0000, Busireddy, Nikhitha Reddy wrote: > > > We are building a project on Debian:bullseye, and due to security > > issues, we are trying to remove libdb5.3 package. > > As you have discovered, libdb3.5 is required for several essential > parts of the Debian 12 release, such as libpam-modules. > > If you can't solve your security issues you'll need to avoid using > Debian. > > It is likely that your "security issues" are that something says a > particular version of libdb has a certain bug and must not be used, > but you will probably find upon research that Debian has already > patched that particular bug or is not affected by it in the first > place. > > Looking for the particular CVE number at > https://security-tracker.debian.org/tracker/ can often help to > resolve these sorts of issues.
It would be nice if the OP told us which issue is a concern, and why. A quick google search turns up <https://security-tracker.debian.org/tracker/CVE-2019-8457> but I don't know how much of a concern that is on any given system. (Does a default Debian installation even *have* any sqlite databases on it?)
