[pkg-firebird-general] Bug#693210: Bug#693210: server crash on prearing an empty query with tracing enabled

Damyan Ivanov dmn at debian.org
Sun Mar 10 09:17:35 UTC 2013


-=| Moritz Muehlenhoff, 04.03.2013 18:59:53 +0100 |=-
> On Sun, Jan 20, 2013 at 11:40:54PM +0900, Hideki Yamane wrote:
> > On Wed, 14 Nov 2012 23:14:51 +0200
> > Damyan Ivanov <dmn at debian.org> wrote:
> > > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > > > 
> > > > With trace enabled, preparing an empty query crashes the server on line 91 of 
> > > > /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is 
> > > > NULL.
> > > > 
> > > > Tagged as 'security' since this is a remote crash, although it requires a valid 
> > > > user/pass.
> > > 
> > > This issue has assigned CVE-2012-5529.
> > 
> >  Probably you know, it was fixed in upstream svn and they released 2.5.2.
> >  I've attached a patch (build fine with pbuilder), please check and apply it.
> 
> Firebird maintainers,
> can you please fix this for Wheezy?

Hm, what about squeeze, which is also affected? Attached is a (source) 
debdiff against the version in squeeze. Should it go via 
stable-security or stable-updates?


Thanks,
    dam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1-source.diff
Type: text/x-diff
Size: 2293 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-firebird-general/attachments/20130310/626374d5/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-firebird-general/attachments/20130310/626374d5/attachment.pgp>


More information about the pkg-firebird-general mailing list