Version 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1
X-Debian-PR-Message: report 772880
X-Debian-PR-Package: src:firebird2.5
X-Debian-PR-Keywords: patch security upstream
From: Damyan Ivanov <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Message-ID: <20141211220302.7443.39769.reportbug@dltp>
Date: Thu, 11 Dec 2014 22:03:02 +0000

Package: src:firebird2.5
Severity: important
Tags: security upstream patch
Forwarded: http://tracker.firebirdsql.org/browse/CORE-4630

According to upstream¹, firebird server versions prior to 3.0 can be
tricked into a null pointer dereference by an unauthenticated remote client.

 1: http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/

The fix is contained in revision 60322² of upstream's subversion
repository.

 2: https://sourceforge.net/p/firebird/code/60322/

-- dam

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

