-=| Moritz Muehlenhoff, 04.03.2013 18:59:53 +0100 |=-
> On Sun, Jan 20, 2013 at 11:40:54PM +0900, Hideki Yamane wrote:
> > On Wed, 14 Nov 2012 23:14:51 +0200
> > Damyan Ivanov <d...@debian.org> wrote:
> > > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > > >
> > > > With trace enabled, preparing an empty query crashes the server on line 91 of
> > > > /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is
> > > > NULL.
> > > >
> > > > Tagged as 'security' since this is a remote crash, although it requires a valid
> > > > user/pass.
> > >
> > > This issue has been assigned CVE-2012-5529.
> >
> > Probably you know, it was fixed in upstream svn and they released 2.5.2.
> > I've attached a patch (builds fine with pbuilder), please check and apply
> > it.
>
> Firebird maintainers,
> can you please fix this for Wheezy?

Hm, what about squeeze, which is also affected?

Attached is a (source) debdiff against the version in squeeze. Should it go via stable-security or stable-updates?

Thanks,
    dam

diff -u firebird2.5-2.5.0.26054~ReleaseCandidate3.ds2/debian/changelog firebird2.5-2.5.0.26054~ReleaseCandidate3.ds2/debian/changelog --- firebird2.5-2.5.0.26054~ReleaseCandidate3.ds2/debian/changelog +++ firebird2.5-2.5.0.26054~ReleaseCandidate3.ds2/debian/changelog @@ -1,3 +1,12 @@ +firebird2.5 (2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1) stable-security; urgency=high + + * Apply patch from upstream revision r54702 fixing a crash (NULL pointer + dereference) when peraring an empty SQL statement with trace services + enabled (CVE-2012-5529) + Closes: #693210 + + -- Damyan Ivanov <d...@debian.org> Sat, 09 Mar 2013 17:22:24 +0200 + firebird2.5 (2.5.0.26054~ReleaseCandidate3.ds2-1) unstable; urgency=low * New upstream release candidate diff -u firebird2.5-2.5.0.26054~ReleaseCandidate3.ds2/debian/patches/series firebird2.5-2.5.0.26054~ReleaseCandidate3.ds2/debian/patches/series --- firebird2.5-2.5.0.26054~ReleaseCandidate3.ds2/debian/patches/series +++ firebird2.5-2.5.0.26054~ReleaseCandidate3.ds2/debian/patches/series @@ -17,0 +18 @@ +upstream/r54702-cve-2012-5529.patch only in patch2: unchanged: --- firebird2.5-2.5.0.26054~ReleaseCandidate3.ds2.orig/debian/patches/upstream/r54702-cve-2012-5529.patch +++ firebird2.5-2.5.0.26054~ReleaseCandidate3.ds2/debian/patches/upstream/r54702-cve-2012-5529.patch 
@@ -0,0 +1,20 @@ +Description: fix crash when preparing empty SQL statement with tracing enabled + Stolen from revision 54702 of upstream Subversion repository +Origin: http://firebird.svn.sourceforge.net/viewvc/firebird/firebird/branches/B2_5_Release/src/jrd/trace/TraceDSQLHelpers.h?r1=54702&r2=54701&pathrev=54702 +Bug: http://tracker.firebirdsql.org/browse/CORE-3884 +Bug-Debian: http://bugs.debian.org/693210 +Forwarded: not-needed +Author: Vlad Khorsun <hv...@sourceforge.net> +Applied-Upstream: 2.5.2 + +--- a/src/jrd/trace/TraceDSQLHelpers.h ++++ b/src/jrd/trace/TraceDSQLHelpers.h +@@ -88,7 +88,7 @@ public: + Firebird::string str(*getDefaultMemoryPool(), m_string, m_string_len); + + TraceFailedSQLStatement stmt(str); +- TraceManager::event_dsql_prepare(m_attachment, m_request->req_transaction, ++ TraceManager::event_dsql_prepare(m_attachment, m_request ? m_request->req_transaction : NULL, + &stmt, millis, result); + } + }
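Review bot: In the debian/changelog hunk, the new entry misspells "preparing" as "peraring" ("when peraring an empty SQL statement"), and this text ends up in the published changelog for the update, so it is worth correcting before upload. The entry also hard-codes "stable-security" as the target while the covering message still asks whether the upload should go via stable-security or stable-updates; the distribution field and version suffix should be settled once that question is answered.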
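Review bot: In the TraceDSQLHelpers.h hunk, the replacement argument "m_request ? m_request->req_transaction : NULL" removes the dereference at the call site but now hands a NULL transaction to TraceManager::event_dsql_prepare, and nothing in the visible lines shows that the callee or whatever consumes the prepare event tolerates a NULL transaction. Please confirm against the squeeze source (2.5.0 RC3, not the 2.5.2 tree the upstream revision was written for) that this path handles NULL, otherwise the crash only moves one frame down. A short note in the patch header stating that the fix was tested on the squeeze build by preparing an empty statement with trace enabled would make this easy for the security team to accept.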