[pkg-firebird-general] Bug#441405: #441405: Several Firebird vulnerabilities discovered
Damyan Ivanov
dam at modsoftsys.com
Mon Sep 10 07:42:46 UTC 2007
tags 441405 pending
thanks
Hi, Thijs,

Thanks for taking time to follow security bulletins and reporting these
issues.

All these are supposed to be fixed in the 2.0.3 release, which I am
preparing an upload of. I'll use urgency=medium instead of high because of
two reasons:

1) this is a new upstream release (although minor)
2) it is actually a pre-release, that is expected to be released
   without changes unless severe problems appear

Now, why not 2.0.2 then? Because there was a bad regression in it.
2.0.3 is released just to fix this.

All the issues are present in the 1.5 series (source package firebird2
in etch, source package firebird1.5 in lenny/sid), but fixing them is
not possible. There are other security issues with the 1.5 series (#438855)
and fixing these is very hard as upstream no longer supports them and
backporting patches is impossible due to the severe changes between 1.5
and 2.0.

Because of the above, the 1.5 series is pending removal from Debian (see
#438862).
--
dam JabberID: dam at jabber.minus273.org