[Pkg-firebird-general] Fw: [Firebird-devel] Patch for vulnerability firebird 1.0.3 ?

Mark O'Donohue mark.odonohue@firebirdsql.org
Wed, 16 Jun 2004 23:36:19 +1000


And I would second Dmitry's comments.

I should get a chance this weekend to install sarge and then try
Remco's install packages.  I'm aware of most of the tricks done in the
Linux (Red Hat/Mandrake) installs so hopefully once I know a bit more
about Debian packaging I can then be useful.


Cheers

Mark


Daniel Urban wrote:
> ----- Original Message ----- 
> From: "Alex Peshkov" <pes@insi.yaroslavl.ru>
> To: <firebird-devel@lists.sourceforge.net>
> Cc: <251458@bugs.debian.org>
> Sent: Wednesday, June 16, 2004 1:57 PM
> Subject: Re: [Firebird-devel] Patch for vulnerability firebird 1.0.3 ?
> 
> 
> 
>>Remco Seesink wrote:
>>
>>
>>>Hello,
>>>
>>>I am trying to fix a security bug on firebird 1.0.2 and 1.0.3 on debian.
>>>The details of the bug can be found here:
>>>http://bugs.debian.org/251458
>>>
>>>I was wondering if somebody already made a patch for this bug. The
>>>current plan is to support both firebird 1.0.3 and 1.5.0 in debian. This is
>>>why upgrading to 1.5.0 wouldn't help.
>>>
>>>If there is no patch, any pointers to what source files are likely
>>>involved?
>>>
>>Unfortunately, very many.
>>It was a rather big code review during which we tried to fix a great(!)
>>lot of buffer overflows in firebird sources.
>>This particular bug may be fixed relatively easily, but to my mind it makes
>>no sense - there is a great lot of other overflows and some other
>>security holes (including execution of arbitrary code with root rights)
>>that were fixed in fb1.5.
>>It seems unreal to me to backport them all to 1.0, therefore if one
>>cares about security - use 1.5.
>>
>>
>>>Cheers,
>>>Remco Seesink.
>>>
>>>
>>>
>>>
>>
>>Alex.