[pkg-firebird-general] Bug#772880: src:firebird2.5: Unauthenticated remote server crash

Debian BTS debbugs at buxtehude.debian.org
Thu Dec 11 22:06:06 UTC 2014


Version 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1
Reply-To: Damyan Ivanov <dmn at debian.org>, 772880 at bugs.debian.org
Resent-From: Damyan Ivanov <dmn at debian.org>
Resent-To: debian-bugs-dist at lists.debian.org
Resent-CC: team at security.debian.org, secure-testing-team at lists.alioth.debian.org, Debian Firebird Group <pkg-firebird-general at lists.alioth.debian.org>
X-Loop: owner at bugs.debian.org
Resent-Date: Thu, 11 Dec 2014 22:06:01 +0000
Resent-Message-ID: <handler.772880.B.141833541628756 at bugs.debian.org>
Resent-Sender: owner at bugs.debian.org
X-Debian-PR-Message: report 772880
X-Debian-PR-Package: src:firebird2.5
X-Debian-PR-Keywords: patch security upstream
X-Debian-PR-Source: firebird2.5
From: Damyan Ivanov <dmn at debian.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Message-ID: <20141211220302.7443.39769.reportbug at dltp>
X-Mailer: reportbug 6.6.1
Date: Thu, 11 Dec 2014 22:03:02 +0000
Delivered-To: submit at bugs.debian.org

Package: src:firebird2.5
Severity: important
Tags: security upstream patch
Forwarded: http://tracker.firebirdsql.org/browse/CORE-4630

According to upstream¹, firebird server versions prior to 3.0 can be
tricked into a null pointer dereference by an unauthenticated remote
client.

1: http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/

The fix is contained in revision 60322² of upstream's subversion
repository.

2: https://sourceforge.net/p/firebird/code/60322/

-- dam


-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


