Bug#463596: marked as done (firebird2.0: CVE-2008-0467 remote buffer overflow leading to arbitrary code execution)

Tue, 05 Feb 2008 10:47:09 -0800 

Your message dated Tue, 5 Feb 2008 20:43:42 +0200
with message-id <[EMAIL PROTECTED]>
and subject line [pkg-firebird-general] Bug#463596: intent to NMU
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Source: firebird2.0
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for firebird2.0.

CVE-2008-0467[0]:
| Buffer overflow in Firebird before 2.1.0 RC1 might allow remote
| attackers to execute arbitrary code via a long username.

You can find patches for this on:
http://tracker.firebirdsql.org/browse/CORE-1603?page=com.atlassian.jira.plugin.system.issuetabpanels:cvs-tabpanel

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0467

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpikeUX2KNYM.pgp
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Version: 2.0.3.12981.ds1-5

-=| Nico Golde, Tue, Feb 05, 2008 at 05:40:47PM +0100 |=-
> Hi,
> I intent to NMU this bug.
> Attached is a patch that fixes this security issue.
> 
> It will be also archived on:
> http://people.debian.org/~nion/nmu-diff/firebird2.0-2.0.3.12981.ds1-4_2.0.3.12981.ds1-4.1.patch

Thank you Niko for your efforts.

Unfortunately I've already upploaded a fixed package several hours ago,
incidentaly, closing a wrong bug number :(

I hope you didn't lose too much time on this...
-- 
dam            JabberID: [EMAIL PROTECTED]

Attachment: signature.asc
Description: Digital signature


--- End Message ---

Reply via email to