[pkg-firebird-general] Wheezy update of firebird2.5?
Damyan Ivanov
dmn at debian.org
Wed Apr 4 19:54:14 UTC 2018
-=| Chris Lamb, 04.04.2018 08:39:52 +0100 |=-
> Dear maintainer(s),
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of firebird2.5:
> https://security-tracker.debian.org/tracker/source-package/firebird2.5
>
> Would you like to take care of this yourself?
Sorry, no.
AFAIS, the only open vulnerability is CVE-2017-11509. Moritz from the
security team advised against updating that for stable, and the issue
is still open in unstable.
According to the researchers discovering it, upstream refused to fix
it :( so the only "fix" I am aware of is the change in the default
config to disable the vulnerable functionality. You can find the patch
for firebird3.0 at
https://salsa.debian.org/firebird-team/firebird3.0/commit/5ad1c64f67ce9f091a2b747fa54519ef7d144698
It is perhaps not directly applicable to firebid2.5, but should help
regardless.
Good luck!
More information about the pkg-firebird-general
mailing list