Your message dated Wed, 24 Dec 2014 15:17:06 +0000 with message-id <e1y3ngq-000790...@franck.debian.org> and subject line Bug#772880: fixed in firebird2.5 2.5.2.26540.ds4-1~deb7u2 has caused the Debian Bug report #772880, regarding firebird2.5: CVE-2014-9323: Segfault in server caused by malformed network packet to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 772880: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772880 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: src:firebird2.5 Severity: important Tags: security upstream patch Forwarded: http://tracker.firebirdsql.org/browse/CORE-4630 According to upstream¹, firebird server versions prior to 3.0 can be tricked to a null pointer dereference by an unauthenticated remote client. 1: http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/ The fix is contained in revision 60322² of upstream's subversion repository. 2: https://sourceforge.net/p/firebird/code/60322/ -- dam -- System Information: Debian Release: 8.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---Source: firebird2.5 Source-Version: 2.5.2.26540.ds4-1~deb7u2 We believe that the bug you reported is fixed in the latest version of firebird2.5, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 772...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Damyan Ivanov <d...@debian.org> (supplier of updated firebird2.5 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 20 Dec 2014 20:52:58 +0000 Source: firebird2.5 Binary: firebird2.5-super firebird2.5-classic firebird2.5-superclassic libfbclient2 libfbembed2.5 libib-util firebird2.5-common firebird2.5-server-common firebird2.5-classic-common firebird-dev firebird2.5-examples firebird2.5-doc firebird2.5-common-doc firebird2.5-super-dbg firebird2.5-classic-dbg libfbclient2-dbg Architecture: source all amd64 Version: 2.5.2.26540.ds4-1~deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian Firebird Group <pkg-firebird-gene...@lists.alioth.debian.org> Changed-By: Damyan Ivanov <d...@debian.org> Description: firebird-dev - Development files for Firebird - an RDBMS based on InterBase 6.0 firebird2.5-classic - Firebird Classic Server - an RDBMS based on InterBase 6.0 code firebird2.5-classic-common - common files for firebird 2.5 "classic" and "superclassic" firebird2.5-classic-dbg - collected debug symbols for firebird2.5-classic and -superclassic firebird2.5-common - common files for firebird 2.5 servers and clients firebird2.5-common-doc - copyright, licnesing and changelogs of firebird2.5 firebird2.5-doc - Documentation files for firebird database version 2.5 firebird2.5-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 code firebird2.5-server-common - common files for firebird 2.5 servers firebird2.5-super - Firebird Super Server - an RDBMS based on InterBase 6.0 code firebird2.5-super-dbg - collected debug symbols for firebird2.5-super firebird2.5-superclassic - Firebird SuperClassic Server - an RDBMS based on InterBase 6.0 co libfbclient2 - Firebird client library libfbclient2-dbg - collected debug symbols for libfbclient2 libfbembed2.5 - Firebird embedded client/server library libib-util - Firebird UDF support library Closes: 772880 Changes: firebird2.5 (2.5.2.26540.ds4-1~deb7u2) wheezy-security; urgency=high . * Apply patch from upstream revision 60322 fixing an unauthenticated remote null-pointer dereference crash (CVE-2014-9323). Closes: #772880 Checksums-Sha1: 18acaf4ebc513f436d2efe3b1b1398478e80a21d 3132 firebird2.5_2.5.2.26540.ds4-1~deb7u2.dsc ea18243a6cb5657af03f968fb36e7247857614f3 3917484 firebird2.5_2.5.2.26540.ds4.orig.tar.xz addca0381b16c4cb39376be32ff2ed25ae9db69d 145010 firebird2.5_2.5.2.26540.ds4-1~deb7u2.debian.tar.gz 197a9405ddc1ee258ea2db8fd6d21a93d80de4f8 95728 firebird2.5-common_2.5.2.26540.ds4-1~deb7u2_all.deb 2c70eda016dfd18c1f924950e4f8f16bed0a7a61 164430 firebird2.5-examples_2.5.2.26540.ds4-1~deb7u2_all.deb 5f31bac41bc84226d1fcff80b21e02618efc06d4 171034 firebird2.5-doc_2.5.2.26540.ds4-1~deb7u2_all.deb fe3722d19a3c20f34ae35d86fb21e34b41b19830 638636 firebird2.5-common-doc_2.5.2.26540.ds4-1~deb7u2_all.deb Checksums-Sha256: 086ba6929a468503648bb93ae74101cb1e391ae42dfc26e8f49398643cf725aa 3132 firebird2.5_2.5.2.26540.ds4-1~deb7u2.dsc e4744fc62ab734e5b73e82a8777732fbcbfa49899d330ff80a9e680cb6f6a88c 3917484 firebird2.5_2.5.2.26540.ds4.orig.tar.xz 353e3da71674d2cd3091bc2e564a7af7290561c9d187f4fd09f0355d1ada7a3f 145010 firebird2.5_2.5.2.26540.ds4-1~deb7u2.debian.tar.gz 45679fc2dffe7f448f20376ee76354de0860f127684f5145de13b54a9db92f91 95728 firebird2.5-common_2.5.2.26540.ds4-1~deb7u2_all.deb 21d49c68ee00d1be894d6c78505882f371d95f9c755f75b32a1cd0ead2c96c3f 164430 firebird2.5-examples_2.5.2.26540.ds4-1~deb7u2_all.deb 93f84d1fb8c461789b536015c88cba45c0f0f1eb6d1acb8e1aeaf8d16040dd48 171034 firebird2.5-doc_2.5.2.26540.ds4-1~deb7u2_all.deb 58ec04c182deb44cbb8e2b4f444a5115669c0c4c693db40f5f61d85957d1835c 638636 firebird2.5-common-doc_2.5.2.26540.ds4-1~deb7u2_all.deb Files: 6dd2e2fe791662343a1f90eeb2c8c937 3132 database optional firebird2.5_2.5.2.26540.ds4-1~deb7u2.dsc bf697fbeef43ba1bcbd218de6753b479 3917484 database optional firebird2.5_2.5.2.26540.ds4.orig.tar.xz 504645d23f6beae61d48e3dd67a00700 145010 database optional firebird2.5_2.5.2.26540.ds4-1~deb7u2.debian.tar.gz 18a9512f8f6148233c7a13226cadd4f7 95728 database optional firebird2.5-common_2.5.2.26540.ds4-1~deb7u2_all.deb 239320ff859016e824494ca6b17b8c7d 164430 doc optional firebird2.5-examples_2.5.2.26540.ds4-1~deb7u2_all.deb 6595d6194eefcb748649339af4228364 171034 doc optional firebird2.5-doc_2.5.2.26540.ds4-1~deb7u2_all.deb 36dfbc131c6fa98a5032f7242d80441b 638636 doc optional firebird2.5-common-doc_2.5.2.26540.ds4-1~deb7u2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUleZrAAoJENu+nU2Z0qAET0IP/j2HljE85M0+UkS7cDS8WWlH HCGSxb4RJ9OnSFAVqYyUTXs1zZG4AroCQfdELnqy2fgvjFxVgK7cxAm39nLFDArX zv2P1aqbAodN9lxhCJpWNP/spG95nVaDqI71uo5K1RGFjc1cVEgMZlgEXRxAjhPI d4SR/EuUMI6uYCHwzawO28jh+63Bmj+wI7tzrbaah0ItdgPiR26zE94CTQZoT5h7 i70tqJ9MJRVMbW551oYdUl1Tqp75TWhnqieuslHBajHQO3wPsJhmY6jPBPdUzDFs NXObpwG0c5WM3GPny/Exksui8u3E5GABYQN8oJzJqeMxJq5nwNqYtL/0d6qqfKLb xmujPUT80RYcPKZLJYVvICo1Ryo/FdxuC7t8ma5rY1hkmyPNDlDks3XxmZtMzwph F0ikzBv35cyGK6+hESZrr6xI1yKDhgyYgUS1EvTOh+DD0CjZcKUvXcTpamYsMPat s5BhiYrnzJQT0/55eyjRHwzO/pSP+GzM7p7oK6d3EYdTcRmyi9YAOj70E3Q4iB35 ucywjHtFkbrJaYCZcHltQmMd1mltjw6X8tvXaI4VlREt+wkNdCaZRwiKzwvAdtls 2Pb569BSu3RRxE7IUYEhfic2Kaxe2E7jF9nsjN08Gd24+5Ziu+aIiM/RnqnJwdq2 +m9uzLH0dVvcSu+pmR41 =2z/W -----END PGP SIGNATURE-----
--- End Message ---
