[pkg-firebird-general] firebird2.0 stable update for CVE-2009-2620

Damyan Ivanov dmn at debian.org
Tue Aug 18 15:29:31 UTC 2009


Dear stable release managers,

-=| Giuseppe Iuculano, Tue, Aug 18, 2009 at 03:42:05PM +0200 |=-
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for firebird2.0 some time ago.
> 
> CVE-2009-2620[0]:
> | src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
> | 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2
> | allows remote attackers to cause a denial of service (daemon crash)
> | via a malformed op_connect_request message that triggers an infinite
> | loop or NULL pointer dereference.
> 
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
> 
> However it would be nice if this could get fixed via a regular point 
> update.
> Please contact the release team for this.

Here I am.

The change needed was taken from upstream's CVS repository and only 
refreshed to apply cleanly (line numbers changed). The patch is 
here[0].

    [0] http://git.debian.org/?p=pkg-firebird/2.0.git;a=blob;f=debian/patches/cvs_CVE-2009-2620_DOS.patch;h=be79c08a837d69cae6224cc08e5a39adf57cff4e;hb=lenny

Upstream commit is at 
http://firebird.cvs.sourceforge.net/viewvc/firebird/firebird2/src/remote/server.cpp?r1=1.126.2.16&r2=1.126.2.17&pathrev=B2_0_Release

Interdiff attached. Hopefully I got it right (this is the first stable 
upload for me).


Thanks,

-- 
dam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: firebird2.0-stable-update.diff
Type: text/x-diff
Size: 2339 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-firebird-general/attachments/20090818/04c7bdaa/attachment.diff>