[pkg-firebird-general] Bug#693210: Bug#693210: server crash on preparing an empty query with tracing enabled
Slávek Banko
slavek.banko at axis.cz
Tue Mar 5 16:55:51 UTC 2013
On Mon, 4 March 2013, Moritz Muehlenhoff wrote:
> On Sun, Jan 20, 2013 at 11:40:54PM +0900, Hideki Yamane wrote:
> > Hi,
> >
> > On Wed, 14 Nov 2012 23:14:51 +0200
> > Damyan Ivanov <dmn at debian.org> wrote:
> > > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > > >
> > > > With trace enabled, preparing an empty query crashes the server
> > > > on line 91 of /src/jrd/trace/TraceDSQLHelpers.h, since the
> > > > dereferenced m_request variable is NULL.
> > > >
> > > > Tagged as 'security' since this is a remote crash, although it
> > > > requires a valid user/pass.
> > >
> > > This issue has been assigned CVE-2012-5529.
> >
> > As you probably know, it was fixed in upstream svn and they released
> > 2.5.2. I've attached a patch (builds fine with pbuilder), please check
> > and apply it.
>
> Firebird maintainers,
> can you please fix this for Wheezy?
>
> Cheers,
> Moritz
>
I can confirm that the patch from
http://firebird.svn.sourceforge.net/viewvc?revision=54702&pathrev=54702&view=rev
can be cleanly applied both to firebird2.5 from Squeeze and to the
current version from Wheezy (hence also Sid).
Is there any hope at this time that it would be possible to update the Wheezy
version to the final 2.5.2? In that version the mentioned problem is already
fixed. I think that the package git repository is ready for 2.5.2.
Slavek