Your message dated Sat, 30 Aug 2025 20:32:10 +0000
with message-id <[email protected]>
and subject line Bug#1111322: fixed in firebird4.0 4.0.5.3140.ds6-17+deb13u1
has caused the Debian Bug report #1111322,
regarding firebird4.0: CVE-2025-24975
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1111322: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111322
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: firebird4.0
Version: 4.0.5.3140.ds6-17
Severity: important
Tags: security upstream
Forwarded: https://github.com/FirebirdSQL/firebird/issues/8429
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for firebird4.0.

CVE-2025-24975[0]:
| Firebird is a relational database. Prior to snapshot versions
| 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if
| ExtConnPoolSize is not set equal to 0. If connections stored in
| ExtConnPool are not verified for presence and suitability of the
| CryptCallback interface is used when created versus what is
| available could result in a segfault in the server process.
| Encrypted databases, accessed by execute statement on external, may
| be accessed later by an attachment missing a key to that database.
| In a case when execute statement are chained, segfault may happen.
| Additionally, the segfault may affect unencrypted databases. This
| issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610,
| and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for
| this issue involves setting ExtConnPoolSize equal to 0 in
| firebird.conf.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-24975
    https://www.cve.org/CVERecord?id=CVE-2025-24975
[1] https://github.com/FirebirdSQL/firebird/issues/8429
[2] https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69
[3] https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6

Regards,
Salvatore

--- End Message ---
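
The workaround named in the CVE text above (ExtConnPoolSize equal to 0 in firebird.conf) can be audited with a short script. This is an added example, not part of the bug report or of Firebird's own tooling; it assumes `Name = Value` lines with `#` comments, matches the key case-insensitively, and treats any active non-zero line as a finding instead of guessing which duplicate line the server would honour. The sample file is constructed.

```shell
#!/bin/sh
# Added example: audit a firebird.conf for the CVE-2025-24975 workaround
# (ExtConnPoolSize equal to 0). Assumption: "Name = Value" lines, "#" comments.

# ext_conn_pool_state FILE
# Prints "zero"    if every active ExtConnPoolSize line sets 0,
#        "nonzero" if any active line sets something else,
#        "unset"   if no active line exists (the workaround is not in place).
ext_conn_pool_state() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        tolower($0) ~ /^[ \t]*extconnpoolsize[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)           # keep the text after "="
            sub(/[ \t\r]+$/, "", v)               # trim trailing blanks
            seen = 1
            if (v !~ /^0+$/) bad = 1              # anything but 0 is a finding
        }
        END {
            if (bad) print "nonzero"
            else if (seen) print "zero"
            else print "unset"
        }
    ' "$1"
}

# audit_conf FILE: one-line verdict for a report or a cron mail.
audit_conf() {
    case "$(ext_conn_pool_state "$1")" in
        zero)    echo "OK: ExtConnPoolSize = 0 in $1" ;;
        nonzero) echo "FINDING: external connection pool enabled in $1" ;;
        unset)   echo "REVIEW: ExtConnPoolSize not set explicitly in $1" ;;
    esac
}

# Constructed sample input, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ExtConnPoolSize = 0
ExtConnPoolSize = 8   # pool enabled
ExtConnPoolLifeTime = 7200
EOF
audit_conf "$sample"
rm -f "$sample"
```

On a host that already runs the fixed package version listed in the closing message, a non-zero value is no longer the exposure the CVE describes; the check is for servers that have not been upgraded yet.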
--- Begin Message ---
Source: firebird4.0
Source-Version: 4.0.5.3140.ds6-17+deb13u1
Done: Damyan Ivanov <[email protected]>

We believe that the bug you reported is fixed in the latest version of
firebird4.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov <[email protected]> (supplier of updated firebird4.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 Aug 2025 13:51:42 +0000
Source: firebird4.0
Binary: firebird-dev firebird-utils firebird4.0-common firebird4.0-common-doc 
firebird4.0-doc firebird4.0-examples firebird4.0-server firebird4.0-server-core 
firebird4.0-server-core-dbgsym firebird4.0-server-dbgsym firebird4.0-utils 
firebird4.0-utils-dbgsym libfbclient2 libfbclient2-dbgsym libib-util 
libib-util-dbgsym
Architecture: source amd64 all
Version: 4.0.5.3140.ds6-17+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Damyan Ivanov <[email protected]>
Changed-By: Damyan Ivanov <[email protected]>
Description:
 firebird-dev - Development files for Firebird
 firebird-utils - Firebird command line utilities wrapper
 firebird4.0-common - common files for firebird 4.0 server, client and utilities
 firebird4.0-common-doc - copyright, licensing and changelogs of firebird4.0
 firebird4.0-doc - Documentation files for firebird database version 4.0
 firebird4.0-examples - Examples for Firebird database
 firebird4.0-server - Firebird Server - an RDBMS based on InterBase 6.0 code
 firebird4.0-server-core - Firebird engine core
 firebird4.0-utils - Firebird command line utilities
 libfbclient2 - Firebird client library
 libib-util - Firebird UDF support library
Closes: 1111320 1111322
Changes:
 firebird4.0 (4.0.5.3140.ds6-17+deb13u1) trixie-security; urgency=medium
 .
   * cherry pick fix for CVE-2025-54989 from upstream (Closes: #1111320)
   * cherry pick fix for CVE-2025-24975 from upstream (Closes: #1111322)
   * switch debian-branch to debian/trixie-security in gbp.conf

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
