[Pkg-firebird-general] Fw: [Firebird-devel] Patch for vulnerability firebird 1.0.3 ?

Daniel Urban daniel@sente.pl
Wed, 16 Jun 2004 15:02:36 +0200


----- Original Message ----- 
From: "Alex Peshkov" <pes@insi.yaroslavl.ru>
To: <firebird-devel@lists.sourceforge.net>
Cc: <251458@bugs.debian.org>
Sent: Wednesday, June 16, 2004 1:57 PM
Subject: Re: [Firebird-devel] Patch for vulnerability firebird 1.0.3 ?


> Remco Seesink wrote:
>
> >Hello,
> >
> >I am trying to fix a security bug on firebird 1.0.2 and 1.0.3 on debian.
> >The details of the bug can be found here:
> >http://bugs.debian.org/251458
> >
> >I was wondering if somebody already made a patch for this bug. The
> >current plan is to support both firebird 1.0.3 and 1.5.0 in debian. This is
> >why upgrading to 1.5.0 wouldn't help.
> >
> >If there is no patch, any pointers to what source files are likely
> >involved?
> >
> >
> Unfortunately, very many.
> It was a rather big code review during which we tried to fix a great(!)
> lot of buffer overflows in firebird sources.
> This particular bug may be fixed relatively easily, but to my mind it makes
> no sense - there are a great lot of other overflows and some other
> security holes (including execution of arbitrary code with root rights)
> that were fixed in fb1.5.
> It seems unreal to me to backport them all to 1.0, therefore if one
> cares about security - use 1.5.
>
> >Cheers,
> >Remco Seesink.
> >
> >
> >
> >
> Alex.