Bug#460048: marked as done (Garbage data in the incoming remote packet may crash the server)

Debian Bug Tracking System Tue, 29 Jan 2008 09:41:43 -0800

Your message dated Tue, 29 Jan 2008 17:17:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#460048: fixed in firebird2.0 2.0.3.12981.ds1-1+lenny1
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

Package: firebird2.0
Version: 2.0.3.12981.ds1-1
Severity: normal
Tags: security

This was reported to the upstream's bug tracker[1]

> If some kinds of remote packets contain wrong (garbage) data, it may
> cause an invalid memory access inside the server, forcing a crash.

There's also a patch that should be appliable to the 2.0.3 sources. (and
yes, I am working on including it)

[1] 
http://tracker.firebirdsql.org/browse/CORE-1681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

-- System Information:
Debian Release: lenny/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.23-1-686 (SMP w/2 CPU cores)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: firebird2.0
Source-Version: 2.0.3.12981.ds1-1+lenny1

We believe that the bug you reported is fixed in the latest version of
firebird2.0, which is due to be installed in the Debian FTP archive:

firebird-utils_2.0.3.12981.ds1-1+lenny1_all.deb
  to pool/main/f/firebird2.0/firebird-utils_2.0.3.12981.ds1-1+lenny1_all.deb
firebird2.0-classic_2.0.3.12981.ds1-1+lenny1_i386.deb
  to 
pool/main/f/firebird2.0/firebird2.0-classic_2.0.3.12981.ds1-1+lenny1_i386.deb
firebird2.0-common_2.0.3.12981.ds1-1+lenny1_i386.deb
  to 
pool/main/f/firebird2.0/firebird2.0-common_2.0.3.12981.ds1-1+lenny1_i386.deb
firebird2.0-dev_2.0.3.12981.ds1-1+lenny1_all.deb
  to pool/main/f/firebird2.0/firebird2.0-dev_2.0.3.12981.ds1-1+lenny1_all.deb
firebird2.0-doc_2.0.3.12981.ds1-1+lenny1_all.deb
  to pool/main/f/firebird2.0/firebird2.0-doc_2.0.3.12981.ds1-1+lenny1_all.deb
firebird2.0-examples_2.0.3.12981.ds1-1+lenny1_all.deb
  to 
pool/main/f/firebird2.0/firebird2.0-examples_2.0.3.12981.ds1-1+lenny1_all.deb
firebird2.0-super_2.0.3.12981.ds1-1+lenny1_i386.deb
  to pool/main/f/firebird2.0/firebird2.0-super_2.0.3.12981.ds1-1+lenny1_i386.deb
firebird2.0_2.0.3.12981.ds1-1+lenny1.diff.gz
  to pool/main/f/firebird2.0/firebird2.0_2.0.3.12981.ds1-1+lenny1.diff.gz
firebird2.0_2.0.3.12981.ds1-1+lenny1.dsc
  to pool/main/f/firebird2.0/firebird2.0_2.0.3.12981.ds1-1+lenny1.dsc
libfbclient2_2.0.3.12981.ds1-1+lenny1_i386.deb
  to pool/main/f/firebird2.0/libfbclient2_2.0.3.12981.ds1-1+lenny1_i386.deb
libfbembed2_2.0.3.12981.ds1-1+lenny1_i386.deb
  to pool/main/f/firebird2.0/libfbembed2_2.0.3.12981.ds1-1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated firebird2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 23 Jan 2008 13:08:10 +0100
Source: firebird2.0
Binary: firebird-utils libfbembed2 firebird2.0-dev firebird2.0-doc libfbclient2 
firebird2.0-classic firebird2.0-common firebird2.0-super firebird2.0-examples
Architecture: source all i386
Version: 2.0.3.12981.ds1-1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian Firebird Group <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 firebird-utils - manager for multiple Firebird utilities versions
 firebird2.0-classic - Firebird Classic Server - an RDBMS based on InterBase 
6.0 code
 firebird2.0-common - common files for firebird 2.0 servers and clients
 firebird2.0-dev - Development files for Firebird - an RDBMS based on InterBase 
6.0 
 firebird2.0-doc - Documentation files for firebird database version 2.0
 firebird2.0-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 
code
 firebird2.0-super - Firebird Super Server - an RDBMS based on InterBase 6.0 
code
 libfbclient2 - Firebird client library
 libfbembed2 - Firebird embedded client/server library
Closes: 460048
Changes: 
 firebird2.0 (2.0.3.12981.ds1-1+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by security team.
   * Add cvs-security-remote-crash.patch (Closes: #460048)
     - Garbage data in incoming remote paket may crash the server,
       CVE id pending.
Files: 
 5ec8ed91c53d1b90f99348287f9fb7c5 1050 misc optional 
firebird2.0_2.0.3.12981.ds1-1+lenny1.dsc
 635360c67963099772207cf54ad096fc 7019232 misc optional 
firebird2.0_2.0.3.12981.ds1.orig.tar.gz
 ccb80620144786ba55189dbdcba21cc6 399118 misc optional 
firebird2.0_2.0.3.12981.ds1-1+lenny1.diff.gz
 3af34e413749e872c9b00eea2317cf01 392620 utils optional 
firebird-utils_2.0.3.12981.ds1-1+lenny1_all.deb
 efffe5e0c35b24203ad82de6ab8c882c 435046 libdevel optional 
firebird2.0-dev_2.0.3.12981.ds1-1+lenny1_all.deb
 466533eaba739613fab6c68bd288ed68 533088 doc optional 
firebird2.0-examples_2.0.3.12981.ds1-1+lenny1_all.deb
 b057bae23dd65b108e5b7375f3efd950 1239474 doc optional 
firebird2.0-doc_2.0.3.12981.ds1-1+lenny1_all.deb
 91e33d28f9b4395c52f94306853ffea3 2814980 misc optional 
firebird2.0-super_2.0.3.12981.ds1-1+lenny1_i386.deb
 af71deaafc0dd5b154dc75e163fe9fd7 1678972 misc extra 
firebird2.0-classic_2.0.3.12981.ds1-1+lenny1_i386.deb
 e3da24335c03d2fa9eb01c8270458ca6 609600 libs optional 
libfbclient2_2.0.3.12981.ds1-1+lenny1_i386.deb
 933ca5195c03a75fe9f4487b47ff40f1 1469654 libs optional 
libfbembed2_2.0.3.12981.ds1-1+lenny1_i386.deb
 b567c8b65e92b0d3a47db07b7db12810 892784 misc optional 
firebird2.0-common_2.0.3.12981.ds1-1+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHmePhHYflSXNkfP8RAlNpAKCcM59WoTu6uPwlXXOZLMdhKWAf3gCguKJP
JmTxd/AxQSE3EPTpHZeia0Y=
=g4NM
-----END PGP SIGNATURE-----

--- End Message ---

Bug#460048: marked as done (Garbage data in the incoming remote packet may crash the server)

Reply via email to