Your message dated Wed, 27 Aug 2025 19:32:26 +0000
with message-id <[email protected]>
and subject line Bug#1111321: fixed in firebird3.0 3.0.11.33637.ds4-2+deb12u1
has caused the Debian Bug report #1111321,
regarding firebird3.0: CVE-2025-54989
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111321: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111321
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: firebird4.0
Version: 4.0.5.3140.ds6-17
Severity: important
Tags: security upstream
Forwarded: https://github.com/FirebirdSQL/firebird/issues/8554
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:firebird3.0 3.0.12.ds7-13
Control: retitle -2 firebird3.0: CVE-2025-54989
Hi,
The following vulnerability was published for firebird*.
CVE-2025-54989[0]:
| Firebird is a relational database. Prior to versions 3.0.13, 4.0.6,
| and 5.0.3, there is an XDR message parsing NULL pointer dereference
| denial-of-service vulnerability in Firebird. This specific flaw
| exists within the parsing of xdr message from client. It leads to
| NULL pointer dereference and DoS. This issue has been patched in
| versions 3.0.13, 4.0.6, and 5.0.3.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-54989
https://www.cve.org/CVERecord?id=CVE-2025-54989
[1] https://github.com/FirebirdSQL/firebird/issues/8554
[2] https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp
[3] https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: firebird3.0
Source-Version: 3.0.11.33637.ds4-2+deb12u1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
firebird3.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated firebird3.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 25 Aug 2025 12:20:39 +0300
Source: firebird3.0
Architecture: source
Version: 3.0.11.33637.ds4-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Damyan Ivanov <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1111321
Changes:
firebird3.0 (3.0.11.33637.ds4-2+deb12u1) bookworm; urgency=medium
.
* Non-maintainer upload.
* CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference
(Closes: #1111321)
--- End Message ---