[Pkg-firebird-general] Bug#251458: [Firebird-devel] Patch for vulnerability firebird 1.0.3 ?
Remco Seesink
Remco Seesink <raseesink@hotpop.com>, 251458@bugs.debian.org
Wed, 16 Jun 2004 19:42:29 +0200
On Wed, 16 Jun 2004 15:57:52 +0400
Alex Peshkov <pes@insi.yaroslavl.ru> wrote:
> Unfortunately, very many.
> It was a rather big code review during which we tried to fix a great(!)
> lot of buffer overflows in firebird sources.
> This particular bug may be fixed relatively easily, but to my mind it
> makes no sense - there is a great lot of other overflows and some other
> security holes (including execution of arbitrary code with root rights)
> that were fixed in fb1.5.
> It seems unreal to me to backport them all to 1.0, therefore if one
> cares about security - use 1.5.
Thank you for your reply. We will have to speed up the packaging of 1.5
and at least put some warnings on the 1.0.3 installation.
Cheers,
Remco.