-=| Chris Lamb, 04.04.2018 08:39:52 +0100 |=- > Dear maintainer(s), > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of firebird2.5: > https://security-tracker.debian.org/tracker/source-package/firebird2.5 > > Would you like to take care of this yourself?
Sorry, no. AFAIS, the only open vulnerability is CVE-2017-11509. Moritz from the security team advised against updating that for stable, and the issue is still open in unstable. According to the researchers discovering it, upstream refused to fix it :( so the only "fix" I am aware of is the change in the default config to disable the vulnerable functionality. You can find the patch for firebird3.0 at https://salsa.debian.org/firebird-team/firebird3.0/commit/5ad1c64f67ce9f091a2b747fa54519ef7d144698 It is perhaps not directly applicable to firebid2.5, but should help regardless. Good luck!
