Your message dated Sun, 17 Aug 2025 15:05:32 +0000
with message-id <[email protected]>
and subject line Bug#1111321: fixed in firebird3.0 3.0.13.ds7-1
has caused the Debian Bug report #1111321,
regarding firebird3.0: CVE-2025-54989
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
1111321: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111321
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: firebird4.0
Version: 4.0.5.3140.ds6-17
Severity: important
Tags: security upstream
Forwarded: https://github.com/FirebirdSQL/firebird/issues/8554
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:firebird3.0 3.0.12.ds7-13
Control: retitle -2 firebird3.0: CVE-2025-54989

Hi,

The following vulnerability was published for firebird*.

CVE-2025-54989[0]:
| Firebird is a relational database. Prior to versions 3.0.13, 4.0.6,
| and 5.0.3, there is an XDR message parsing NULL pointer dereference
| denial-of-service vulnerability in Firebird. This specific flaw
| exists within the parsing of xdr message from client. It leads to
| NULL pointer dereference and DoS. This issue has been patched in
| versions 3.0.13, 4.0.6, and 5.0.3.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-54989
    https://www.cve.org/CVERecord?id=CVE-2025-54989
[1] https://github.com/FirebirdSQL/firebird/issues/8554
[2] https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp
[3] https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: firebird3.0
Source-Version: 3.0.13.ds7-1
Done: Damyan Ivanov <[email protected]>

We believe that the bug you reported is fixed in the latest version of
firebird3.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov <[email protected]> (supplier of updated firebird3.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 17 Aug 2025 14:17:47 +0000
Source: firebird3.0
Architecture: source
Version: 3.0.13.ds7-1
Distribution: unstable
Urgency: medium
Maintainer: Damyan Ivanov <[email protected]>
Changed-By: Damyan Ivanov <[email protected]>
Closes: 1111321
Changes:
 firebird3.0 (3.0.13.ds7-1) unstable; urgency=medium
 .
   * New upstream version 3.0.13.ds7
     Closes: #1111321 (CVE-2025-54989)
   * drop patches released upstream
   * refresh two patches to apply cleanly
   * add Author to out/kfreebsd-sse4.patch
   * declare conformance with Policy 4.7.2 (no changes needed)
   * disable pristine-tar in gbp.conf
   * drop debian/source/local-options
Git-Tag-Info: tag=f81323f9a54cc04519dd91bf6249d83acd7459b7 fp=aea0c44ecb056e93630d9d33dbbe9d4d99d2a004
Git-Tag-Tagger: Damyan Ivanov <[email protected]>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---