Your message dated Sun, 17 Aug 2025 19:54:19 +0000
with message-id <[email protected]>
and subject line Bug#1111320: fixed in firebird4.0 4.0.6.3221.ds6-1
has caused the Debian Bug report #1111320,
regarding firebird4.0: CVE-2025-54989
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111320
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: firebird4.0
Version: 4.0.5.3140.ds6-17
Severity: important
Tags: security upstream
Forwarded: https://github.com/FirebirdSQL/firebird/issues/8554
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:firebird3.0 3.0.12.ds7-13
Control: retitle -2 firebird3.0: CVE-2025-54989
Hi,
The following vulnerability was published for firebird*.
CVE-2025-54989[0]:
| Firebird is a relational database. Prior to versions 3.0.13, 4.0.6,
| and 5.0.3, there is an XDR message parsing NULL pointer dereference
| denial-of-service vulnerability in Firebird. This specific flaw
| exists within the parsing of xdr message from client. It leads to
| NULL pointer dereference and DoS. This issue has been patched in
| versions 3.0.13, 4.0.6, and 5.0.3.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-54989
    https://www.cve.org/CVERecord?id=CVE-2025-54989
[1] https://github.com/FirebirdSQL/firebird/issues/8554
[2] https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp
[3] https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: firebird4.0
Source-Version: 4.0.6.3221.ds6-1
Done: Damyan Ivanov <[email protected]>
We believe that the bug you reported is fixed in the latest version of
firebird4.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Damyan Ivanov <[email protected]> (supplier of updated firebird4.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 17 Aug 2025 19:24:26 +0000
Source: firebird4.0
Architecture: source
Version: 4.0.6.3221.ds6-1
Distribution: unstable
Urgency: medium
Maintainer: Damyan Ivanov <[email protected]>
Changed-By: Damyan Ivanov <[email protected]>
Closes: 1111320 1111322
Changes:
 firebird4.0 (4.0.6.3221.ds6-1) unstable; urgency=medium
 .
   * rename default branch to debian/unstable
   * turn off pristine-tar in gbp.conf
   * rename upstream branch to upstream/latest
   * New upstream version 4.0.6.3221.ds6
     Closes: #1111320 (CVE-2025-54989)
     Closes: #1111322 (CVE-2025-24975)
   * rebase and refresh patches
   * drop debian/source/local-options
   * declare conformance with Policy 4.7.2 (no changes needed)
   * declare origin of upstream/std-c++-17.patch
Git-Tag-Info: tag=b010947107dd29484a688e4923f1dfe98df56758
fp=aea0c44ecb056e93630d9d33dbbe9d4d99d2a004
Git-Tag-Tagger: Damyan Ivanov <[email protected]>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---