Your message dated Sat, 06 Sep 2025 12:14:50 +0100
with message-id
<ee4c0876608d99eb3f8b333b556fbd92e7a652eb.ca...@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 12.12
has caused the Debian Bug report #1112039,
regarding bookworm-pu: package firebird3.0/3.0.11.33637.ds4-2+deb12u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1112039: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112039
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:firebird3.0
User: [email protected]
Usertags: pu
* CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference
(Closes: #1111321)
diffstat for firebird3.0-3.0.11.33637.ds4 firebird3.0-3.0.11.33637.ds4
changelog | 8 +++
patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch | 28 +++++++++++
patches/series | 1
3 files changed, 37 insertions(+)
diff -Nru firebird3.0-3.0.11.33637.ds4/debian/changelog
firebird3.0-3.0.11.33637.ds4/debian/changelog
--- firebird3.0-3.0.11.33637.ds4/debian/changelog 2022-10-24
22:36:38.000000000 +0300
+++ firebird3.0-3.0.11.33637.ds4/debian/changelog 2025-08-25
12:20:39.000000000 +0300
@@ -1,3 +1,11 @@
+firebird3.0 (3.0.11.33637.ds4-2+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference
+ (Closes: #1111321)
+
+ -- Adrian Bunk <[email protected]> Mon, 25 Aug 2025 12:20:39 +0300
+
firebird3.0 (3.0.11.33637.ds4-2) unstable; urgency=medium
* fix arch-all-only build by overriding only dh_lintian-arch for libib-util
diff -Nru
firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch
firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch
---
firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch
1970-01-01 02:00:00.000000000 +0200
+++
firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch
2025-08-25 12:19:54.000000000 +0300
@@ -0,0 +1,28 @@
+From f6d0e7ced133c7ed3cade0d98430ddfb71e43996 Mon Sep 17 00:00:00 2001
+From: AlexPeshkoff <[email protected]>
+Date: Mon, 5 May 2025 19:03:13 +0300
+Subject: Fix for GHSA-7qp6-hqxj-pjjp / ZDI-CAN-26486
+
+---
+ src/remote/protocol.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/remote/protocol.cpp b/src/remote/protocol.cpp
+index 6b1fc4ee34..95316cd041 100644
+--- a/src/remote/protocol.cpp
++++ b/src/remote/protocol.cpp
+@@ -1857,6 +1857,11 @@ static bool_t xdr_trrq_message( XDR* xdrs, USHORT
msg_type)
+ rem_port* port = xdrs->x_public;
+ Rpr* procedure = port->port_rpr;
+
++ // normally that never happens
++ fb_assert(procedure);
++ if (!procedure)
++ return false;
++
+ if (msg_type == 1)
+ return xdr_message(xdrs, procedure->rpr_out_msg,
procedure->rpr_out_format);
+
+--
+2.30.2
+
diff -Nru firebird3.0-3.0.11.33637.ds4/debian/patches/series
firebird3.0-3.0.11.33637.ds4/debian/patches/series
--- firebird3.0-3.0.11.33637.ds4/debian/patches/series 2022-10-23
21:41:01.000000000 +0300
+++ firebird3.0-3.0.11.33637.ds4/debian/patches/series 2025-08-25
12:20:35.000000000 +0300
@@ -20,3 +20,4 @@
deb/cve-2017-11509.patch
out/hppa-mod_loader.patch
out/hurd-maxpathlen.patch
+0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 12.12
Hi,
Each of the updates referenced by these requests was included in
today's 12.12 point release for bookworm.
Regards,
Adam
--- End Message ---
