This bug was fixed in the package firebird2.5 - 2.5.2.26540.ds4-1
---------------
firebird2.5 (2.5.2.26540.ds4-1) unstable; urgency=low

  * Official 2.5.2 release
    + CORE-3912: segfault in superclassic (Closes: #693192)
    + Restored the on-disk-structure compatibility with 2.5.1 index keys
      (Closes: #693193)
    + Fixed broken (working as no-op) sweep in SuperServer (Closes: #693195)
    + CORE-3902: Derived fields may not be optimized via an index
      (Closes: #693196)
    + CORE-3895: High memory usage when PSQL code SELECT's from stored
      procedure which modified some data (Closes: #693202)
    + CORE-3238: GEN_UUID returns a non-RFC-4122-compliant UUID
      (Closes: #693207)
    + CORE-3887: CHAR_TO_UUID and UUID_TO_CHAR works different in big endian
      architectures (Closes: #693209)
    + Enabled per-table runtime stats for sweeper
    + Changes not concerning Debian
      - CORE-3786: Hangs on MacOSX 10.7 (Lion) on DB create after reboot
      - CORE-3911: API entrypoints Bopen and BLOB_open are not visible on Darwin
      - CORE-3740: SELECT using IN list with >413 elements causes crash on Mac
        (stack overflow with default stack size)
      - CORE-3740: optimisation bug in GCC on Darwin
  * Update debian/copyright (two new files, no licensing changes)
  * Add NEWS.Debian about incompatible fix in char↔UUID conversion functions
  * drop patches included in the upstream release:
    + upstream/r54702-cve-2012-5529.patch
    + upstream/r57728-cve-2013-2429.patch
  * refresh separate-file-and-sem-perms.patch to apply cleanly
  * Patches taken from upstream SVN
    + r57516r57773-gbak-y-redirection.patch
      make gbak -y work with redirection again (regression from 2.5.1)
      http://tracker.firebirdsql.org/browse/CORE-3995
    + r57707r57710-lots-autonomous-trx-leaks-crash.patch
      fix engine crash/memory leak with many autonomous transactions (remote
      crash/memory leak)
      http://tracker.firebirdsql.org/browse/CORE-3908
    + r57349-bad-trn-num-logged-during-sweep.patch
      fix invalid transaction counters logged during sweep (trivial fix)
      http://tracker.firebirdsql.org/browse/CORE-3978
    + r57714r57716-fix-isql-edit-command.patch
      fix isql's edit command broken in 2.5.2 (regression from 2.5.1)
      http://tracker.firebirdsql.org/browse/CORE-3990
    + r58004-crash-converting-overscaled-numeric-to-string.patch
      fix engine crash while converting an overscaled numeric to a string
      (remote crash)
      http://tracker.firebirdsql.org/browse/CORE-4093
    + r57795-crash-storing-long-incompressible-data.patch
      fix bugcheck/corruption when storing long uncompressible data (possible
      db corruption)
      http://tracker.firebirdsql.org/browse/CORE-4036
  * add out/crash-create-db-restricted.patch
    fixes a server crash when attempting creation of a database outside of
    allowed paths with firebird.conf setting of 'DatabaseAccess' other than
    'Full'

 -- Damyan Ivanov <[email protected]>  Thu, 09 May 2013 16:39:17 +0300

firebird2.5 (2.5.2~svn+54698.ds4-3) unstable; urgency=high

  * Recover lost doc/libfbclient2 -> firebird2.5-common-doc symlink
    In Lenny, all firebird binary packages were shipping their doc/ directory
    with copyright information. Because of the size of that copyright
    information, when firebird2.5 packages were introduced in squeeze, they
    used symlinks to the doc/firebird2.5-common-doc directory, which contained
    a single copy of the copyright file. However, since dpkg won't replace
    a directory with a symlink, upgrading libfbclient2 from lenny (2.0) to
    squeeze (2.5) leaves an empty doc/libfbclient2 directory, breaking the
    Policy requirement (12.5) that every binary package ships a copyright
    file.
    The fix implemented in this version is to check if doc/libfbclient2 is an
    empty directory (and not a symlink) and remove it in preinst. If it is a
    directory and is not empty, it is renamed with .dpkg-old extension. This
    gives dpkg a way to unpack the shipped symlink.
    Closes: #692948 -- missing copyright file after upgrade from lenny to
    squeeze to wheezy/sid.
    Thanks go to Andreas Beckmann for reporting the issue, Julian Taylor,
    Slávek Banko and Serafeim Zanikolas for helping with the implementation.

 -- Damyan Ivanov <[email protected]>  Fri, 22 Mar 2013 15:11:16 +0200

firebird2.5 (2.5.2~svn+54698.ds4-2) unstable; urgency=high

  * High urgency for upload fixing security issues
  * fix server crash when preparing an empty SQL statement with tracing enabled
    patch taken from upstream revision 54702. Closes: #693210 (CVE-2012-5529)
  * fix remote pre-authentication stack overflow in firebird server
    patch taken from upstream revision 57728. Closes: #702736 (CVE-2013-2429)

 -- Damyan Ivanov <[email protected]>  Mon, 18 Mar 2013 17:23:50 +0200

** Changed in: firebird2.5 (Ubuntu)
Status: Incomplete => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5529
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2429
https://bugs.launchpad.net/bugs/1156942
Title:
firebird2.5: CVE-2013-2492: Request Processing Buffer Overflow
Vulnerability