[pkg-firebird-general] Bug#702736: firebird2.5: CVE-2013-2492: Request Processing Buffer Overflow Vulnerability

Moritz Muehlenhoff jmm at inutil.org
Tue Mar 12 09:36:30 UTC 2013


On Tue, Mar 12, 2013 at 10:49:00AM +0200, Damyan Ivanov wrote:
> -=| Salvatore Bonaccorso, 10.03.2013 22:14:30 +0100 |=-
> > Source: firebird2.5
> > Severity: grave
> > Tags: security
> > 
> > Hi
> > 
> > the following vulnerability was published for firebird2.5.
> > 
> > CVE-2013-2492[0]:
> > Request Processing Buffer Overflow Vulnerability
> > 
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > 
> > For further information see also [1] and [2].
> > 
> > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2492
> >     http://security-tracker.debian.org/tracker/CVE-2013-2492
> > [1] http://tracker.firebirdsql.org/browse/CORE-4058
> > [2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2492
> 
> Dear security team,
> 
> Please approve upload of firebird2.5 to stable-security with the 
> attached (source) diff from the version currently in squeeze.
> 
> Attached is also the binary debdiff, just in case. It contains only 
> version number changes.

Please upload to security-master. The package needs to be built with
"-sa", since firebird is new in stable-security.

Is there a reason why firebird2.1 is still present in Wheezy in addition
to 2.5? Both were present in squeeze, so if it's needed for a migration
path that would already exist in stable.

Cheers,
        Moritz


