Your message dated Sat, 30 Aug 2025 20:32:10 +0000
with message-id <[email protected]>
and subject line Bug#1111320: fixed in firebird4.0 4.0.5.3140.ds6-17+deb13u1
has caused the Debian Bug report #1111320,
regarding firebird4.0: CVE-2025-54989
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111320
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: firebird4.0
Version: 4.0.5.3140.ds6-17
Severity: important
Tags: security upstream
Forwarded: https://github.com/FirebirdSQL/firebird/issues/8554
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:firebird3.0 3.0.12.ds7-13
Control: retitle -2 firebird3.0: CVE-2025-54989
Hi,
The following vulnerability was published for firebird*.
CVE-2025-54989[0]:
| Firebird is a relational database. Prior to versions 3.0.13, 4.0.6,
| and 5.0.3, there is an XDR message parsing NULL pointer dereference
| denial-of-service vulnerability in Firebird. This specific flaw
| exists within the parsing of xdr message from client. It leads to
| NULL pointer dereference and DoS. This issue has been patched in
| versions 3.0.13, 4.0.6, and 5.0.3.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-54989
    https://www.cve.org/CVERecord?id=CVE-2025-54989
[1] https://github.com/FirebirdSQL/firebird/issues/8554
[2] https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp
[3] https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: firebird4.0
Source-Version: 4.0.5.3140.ds6-17+deb13u1
Done: Damyan Ivanov <[email protected]>
We believe that the bug you reported is fixed in the latest version of
firebird4.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Damyan Ivanov <[email protected]> (supplier of updated firebird4.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 25 Aug 2025 13:51:42 +0000
Source: firebird4.0
Binary: firebird-dev firebird-utils firebird4.0-common firebird4.0-common-doc
 firebird4.0-doc firebird4.0-examples firebird4.0-server firebird4.0-server-core
 firebird4.0-server-core-dbgsym firebird4.0-server-dbgsym firebird4.0-utils
 firebird4.0-utils-dbgsym libfbclient2 libfbclient2-dbgsym libib-util
 libib-util-dbgsym
Architecture: source amd64 all
Version: 4.0.5.3140.ds6-17+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Damyan Ivanov <[email protected]>
Changed-By: Damyan Ivanov <[email protected]>
Description:
 firebird-dev - Development files for Firebird
 firebird-utils - Firebird command line utilities wrapper
 firebird4.0-common - common files for firebird 4.0 server, client and utilities
 firebird4.0-common-doc - copyright, licensing and changelogs of firebird4.0
 firebird4.0-doc - Documentation files for firebird database version 4.0
 firebird4.0-examples - Examples for Firebird database
 firebird4.0-server - Firebird Server - an RDBMS based on InterBase 6.0 code
 firebird4.0-server-core - Firebird engine core
 firebird4.0-utils - Firebird command line utilities
 libfbclient2 - Firebird client library
 libib-util - Firebird UDF support library
Closes: 1111320 1111322
Changes:
 firebird4.0 (4.0.5.3140.ds6-17+deb13u1) trixie-security; urgency=medium
 .
   * cherry pick fix for CVE-2025-54989 from upstream (Closes: #1111320)
   * cherry pick fix for CVE-2025-24975 from upstream (Closes: #1111322)
   * switch debian-branch to debian/trixie-security in gbp.conf
--- End Message ---