Your message dated Tue, 26 Aug 2025 22:03:14 +0000
with message-id <[email protected]>
and subject line Bug#1111321: fixed in firebird3.0 3.0.12.ds7-13+deb13u1
has caused the Debian Bug report #1111321,
regarding firebird3.0: CVE-2025-54989
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1111321: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111321
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: firebird4.0
Version: 4.0.5.3140.ds6-17
Severity: important
Tags: security upstream
Forwarded: https://github.com/FirebirdSQL/firebird/issues/8554
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:firebird3.0 3.0.12.ds7-13
Control: retitle -2 firebird3.0: CVE-2025-54989

Hi,

The following vulnerability was published for firebird*.

CVE-2025-54989[0]:
| Firebird is a relational database. Prior to versions 3.0.13, 4.0.6,
| and 5.0.3, there is an XDR message parsing NULL pointer dereference
| denial-of-service vulnerability in Firebird. This specific flaw
| exists within the parsing of xdr message from client. It leads to
| NULL pointer dereference and DoS. This issue has been patched in
| versions 3.0.13, 4.0.6, and 5.0.3.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-54989
    https://www.cve.org/CVERecord?id=CVE-2025-54989
[1] https://github.com/FirebirdSQL/firebird/issues/8554
[2] https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp
[3] https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: firebird3.0
Source-Version: 3.0.12.ds7-13+deb13u1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
firebird3.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated firebird3.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 Aug 2025 12:04:01 +0300
Source: firebird3.0
Architecture: source
Version: 3.0.12.ds7-13+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Damyan Ivanov <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1111321
Changes:
 firebird3.0 (3.0.12.ds7-13+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference
     (Closes: #1111321)
Checksums-Sha1:
 b686201f89333ef109a2936a2af3c51c32f86cf6 2664 firebird3.0_3.0.12.ds7-13+deb13u1.dsc
 181314aeb89fc978cf8d168a24749b9e18592afe 109916 firebird3.0_3.0.12.ds7-13+deb13u1.debian.tar.xz
Checksums-Sha256:
 6ae6ca270463a84ca32d1f09c659cd82220c0ec3e1defb3e0ec74541c739de42 2664 firebird3.0_3.0.12.ds7-13+deb13u1.dsc
 b1cd74cd6352cb63bf070f320b3533e013d89080a2ef571fbf0619ed0b2526a5 109916 firebird3.0_3.0.12.ds7-13+deb13u1.debian.tar.xz
Files:
 e8977c66972e83206ccd231be4870204 2664 database optional firebird3.0_3.0.12.ds7-13+deb13u1.dsc
 55c1fc869b2e3b3cdb8fad49b18b8527 109916 database optional firebird3.0_3.0.12.ds7-13+deb13u1.debian.tar.xz



--- End Message ---
