-=| Chris Lamb, 04.04.2018 08:39:52 +0100 |=-
> Dear maintainer(s),
> 
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of firebird2.5:
> https://security-tracker.debian.org/tracker/source-package/firebird2.5
> 
> Would you like to take care of this yourself?

Sorry, no.

AFAIS, the only open vulnerability is CVE-2017-11509. Moritz from the 
security team advised against updating that for stable, and the issue 
is still open in unstable.

According to the researchers discovering it, upstream refused to fix 
it :( so the only "fix" I am aware of is the change in the default 
config to disable the vulnerable functionality. You can find the patch 
for firebird3.0 at 
https://salsa.debian.org/firebird-team/firebird3.0/commit/5ad1c64f67ce9f091a2b747fa54519ef7d144698

It is perhaps not directly applicable to firebid2.5, but should help 
regardless.


Good luck!

Reply via email to