Package: firebird1.5
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for firebird1.5.

CVE-2007-5246[0]:
| Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and
| 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote
| attackers to execute arbitrary code via (1) a long attach request on
| TCP port 3050 to the isc_attach_database function or (2) a long create
| request on TCP port 3050 to the isc_create_database function.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

This bug is fixed in the 2.0 version of firebird.

You can find a patch on:
http://firebird.cvs.sourceforge.net/firebird/firebird2/src/jrd/why.cpp?r1=1.100.4.2&r2=1.100.4.3

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5246

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


