[Pkg-firebird-general] Bug#251458: [Firebird-devel] Patch for vulnerability firebird 1.0.3 ?

Remco Seesink Remco Seesink <raseesink@hotpop.com>, 251458@bugs.debian.org
Wed, 16 Jun 2004 19:42:29 +0200

On Wed, 16 Jun 2004 15:57:52 +0400
Alex Peshkov <pes@insi.yaroslavl.ru> wrote:

> Unfortunately, very many.
> It was rather big code review during which we tried to fix a great(!) 
> lot of buffer overflows in firebird sources.
> Particular this bug may be fixed relatively easy, but on my mind it has 
> no sence - there is a great lot of other overflows and some other 
> security holes (including execution of arbitrary code with root rights) 
> that were fixed in fb1.5.
> It seems unreal to me to backport them all to 1.0, therefore if one 
> cares about security - use 1.5.

Thank you for your reply. We will have to speed up the packaging of 1.5
and at least put some warnings on the 1.0.3 installation.