[pkg-firebird-general] Bug#693210: server crash on prearing an empty query with tracing enabled
Moritz Muehlenhoff
jmm at inutil.org
Mon Mar 4 17:59:53 UTC 2013
On Sun, Jan 20, 2013 at 11:40:54PM +0900, Hideki Yamane wrote:
> Hi,
>
> On Wed, 14 Nov 2012 23:14:51 +0200
> Damyan Ivanov <dmn at debian.org> wrote:
> > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > >
> > > With trace enabled, preparing an empty query crashes the server on line 91 of
> > > /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is
> > > NULL.
> > >
> > > Tagged as 'security' since this is a remote crash, although it requires a valid
> > > user/pass.
> >
> > This issue has assigned CVE-2012-5529.
>
> Probably you know, it was fixed in upstream svn and they released 2.5.2.
> I've attached a patch (build fine with pbuilder), please check and apply it.
Firebird maintainers,
can you please fix this for Wheezy?
Cheers,
Moritz
More information about the pkg-firebird-general
mailing list