[pkg-firebird-general] Bug#693210: server crash on preparing an empty query with tracing enabled

Moritz Muehlenhoff jmm at inutil.org
Mon Mar 4 17:59:53 UTC 2013


On Sun, Jan 20, 2013 at 11:40:54PM +0900, Hideki Yamane wrote:
> Hi,
> 
> On Wed, 14 Nov 2012 23:14:51 +0200
> Damyan Ivanov <dmn at debian.org> wrote:
> > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > > 
> > > With trace enabled, preparing an empty query crashes the server on line 91 of 
> > > /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is 
> > > NULL.
> > > 
> > > Tagged as 'security' since this is a remote crash, although it requires a valid 
> > > user/pass.
> > 
> > This issue has been assigned CVE-2012-5529.
> 
>  Probably you know, it was fixed in upstream svn and they released 2.5.2.
>  I've attached a patch (builds fine with pbuilder), please check and apply it.

Firebird maintainers,
can you please fix this for Wheezy?

Cheers,
        Moritz


