Your message dated Tue, 23 Dec 2014 15:19:47 +0000
with message-id <e1y3rft-00047v...@franck.debian.org>
and subject line Bug#772880: fixed in firebird2.5
2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2
has caused the Debian Bug report #772880,
regarding firebird2.5: CVE-2014-9323: Segfault in server caused by malformed
network packet
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
772880: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772880
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:firebird2.5
Severity: important
Tags: security upstream patch
Forwarded: http://tracker.firebirdsql.org/browse/CORE-4630
According to upstream¹, firebird server versions prior to 3.0 can be
tricked into a null pointer dereference by an unauthenticated remote
client.
1:
http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/
The fix is contained in revision 60322² of upstream's subversion
repository.
2: https://sourceforge.net/p/firebird/code/60322/
-- dam
-- System Information:
Debian Release: 8.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: firebird2.5
Source-Version: 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2
We believe that the bug you reported is fixed in the latest version of
firebird2.5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 772...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated firebird2.5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 Dec 2014 13:21:04 +0100
Source: firebird2.5
Binary: firebird2.5-super firebird2.5-classic firebird2.5-superclassic
libfbclient2 libfbembed2.5 libib-util firebird2.5-common
firebird2.5-server-common firebird2.5-classic-common firebird2.5-dev
firebird2.5-examples firebird2.5-doc firebird2.5-common-doc
Architecture: source all i386
Version: 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Firebird Group <pkg-firebird-gene...@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Description:
 firebird2.5-classic - Firebird Classic Server - an RDBMS based on InterBase 6.0 code
 firebird2.5-classic-common - common files for firebird 2.5 "classic" and "superclassic" server
 firebird2.5-common - common files for firebird 2.5 servers and clients
 firebird2.5-common-doc - copyright, licnesing and changelogs of firebird2.5
 firebird2.5-dev - Development files for Firebird - an RDBMS based on InterBase 6.0
 firebird2.5-doc - Documentation files for firebird database version 2.5
 firebird2.5-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 code
 firebird2.5-server-common - common files for firebird 2.5 servers
 firebird2.5-super - Firebird Super Server - an RDBMS based on InterBase 6.0 code
 firebird2.5-superclassic - Firebird SupecClassic Server - an RDBMS based on InterBase 6.0 co
 libfbclient2 - Firebird client library
 libfbembed2.5 - Firebird embedded client/server library
 libib-util - Firebird UDF support library
Closes: 772880
Changes:
 firebird2.5 (2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Apply patch from upstream revision 60322 fixing an unauthenticated remote
     null-pointer dereference crash (CVE-2014-9323). Closes: #772880
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---