Your message dated Wed, 05 Aug 2009 09:48:11 +0000
with message-id <e1myd6r-00063k...@ries.debian.org>
and subject line Bug#539477: fixed in firebird2.0 2.0.5.13206-0.ds2-4
has caused the Debian Bug report #539477,
regarding CVE-2009-2620: denial of service (daemon crash) via a malformed
op_connect_request message
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
539477: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539477
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: firebird2.0
Severity: serious
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for firebird2.0.
CVE-2009-2620[0]:
| src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
| 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2
| allows remote attackers to cause a denial of service (daemon crash)
| via a malformed op_connect_request message that triggers an infinite
| loop or NULL pointer dereference.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2620
http://security-tracker.debian.net/tracker/CVE-2009-2620
http://www.coresecurity.com/content/firebird-sql-dos
Patch:
http://firebird.cvs.sourceforge.net/viewvc/firebird/firebird2/src/remote/server.cpp?r1=1.158.2.6&r2=1.158.2.7&view=patch
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkp0CXYACgkQNxpp46476aq0nACghSwTW+uL7r8asdjToTCuYJfw
XH8An31ZNMQ8v74NFEh6ErSrP1GHz/my
=INoS
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: firebird2.0
Source-Version: 2.0.5.13206-0.ds2-4
We believe that the bug you reported is fixed in the latest version of
firebird2.0, which is due to be installed in the Debian FTP archive:
firebird2.0-classic_2.0.5.13206-0.ds2-4_amd64.deb
to pool/main/f/firebird2.0/firebird2.0-classic_2.0.5.13206-0.ds2-4_amd64.deb
firebird2.0-common_2.0.5.13206-0.ds2-4_amd64.deb
to pool/main/f/firebird2.0/firebird2.0-common_2.0.5.13206-0.ds2-4_amd64.deb
firebird2.0-dev_2.0.5.13206-0.ds2-4_all.deb
to pool/main/f/firebird2.0/firebird2.0-dev_2.0.5.13206-0.ds2-4_all.deb
firebird2.0-doc_2.0.5.13206-0.ds2-4_all.deb
to pool/main/f/firebird2.0/firebird2.0-doc_2.0.5.13206-0.ds2-4_all.deb
firebird2.0-examples_2.0.5.13206-0.ds2-4_all.deb
to pool/main/f/firebird2.0/firebird2.0-examples_2.0.5.13206-0.ds2-4_all.deb
firebird2.0-server-common_2.0.5.13206-0.ds2-4_amd64.deb
to pool/main/f/firebird2.0/firebird2.0-server-common_2.0.5.13206-0.ds2-4_amd64.deb
firebird2.0-super_2.0.5.13206-0.ds2-4_amd64.deb
to pool/main/f/firebird2.0/firebird2.0-super_2.0.5.13206-0.ds2-4_amd64.deb
firebird2.0_2.0.5.13206-0.ds2-4.diff.gz
to pool/main/f/firebird2.0/firebird2.0_2.0.5.13206-0.ds2-4.diff.gz
firebird2.0_2.0.5.13206-0.ds2-4.dsc
to pool/main/f/firebird2.0/firebird2.0_2.0.5.13206-0.ds2-4.dsc
libfbembed2_2.0.5.13206-0.ds2-4_amd64.deb
to pool/main/f/firebird2.0/libfbembed2_2.0.5.13206-0.ds2-4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 539...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Damyan Ivanov <d...@debian.org> (supplier of updated firebird2.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 05 Aug 2009 10:22:39 +0300
Source: firebird2.0
Binary: firebird2.0-super firebird2.0-classic libfbembed2 firebird2.0-common firebird2.0-server-common firebird2.0-dev firebird2.0-examples firebird2.0-doc
Architecture: source all amd64
Version: 2.0.5.13206-0.ds2-4
Distribution: unstable
Urgency: high
Maintainer: Debian Firebird Group <pkg-firebird-gene...@lists.alioth.debian.org>
Changed-By: Damyan Ivanov <d...@debian.org>
Description:
firebird2.0-classic - Firebird Classic Server - an RDBMS based on InterBase 6.0 code
firebird2.0-common - common files for firebird 2.0 servers and clients
firebird2.0-dev - Development files for Firebird - an RDBMS based on InterBase 6.0
firebird2.0-doc - Documentation files for firebird database version 2.0
firebird2.0-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 code
firebird2.0-server-common - common files for firebird 2.0 servers
firebird2.0-super - Firebird Super Server - an RDBMS based on InterBase 6.0 code
libfbembed2 - Firebird embedded client/server library
Closes: 539477
Changes:
firebird2.0 (2.0.5.13206-0.ds2-4) unstable; urgency=high
.
* add patch from upstream CVS fixing server crash via malformed op_connect_request message (CVE-2009-2620)
  Closes: #539477
  Thanks to Giuseppe Iuculano.
* Standards-Version: 3.8.2 (no changes needed)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkp5PAQACgkQHqjlqpcl9jsrWgCeMwXfE+0sX4z3Ii3DwvNeSbRd
3CUAn2qtJPYjtzu3wi5KxwPsigpeO5XL
=Hqds
-----END PGP SIGNATURE-----
--- End Message ---