Your message dated Thu, 13 Aug 2009 12:17:10 +0000
with message-id <e1mbzf0-0000ya...@ries.debian.org>
and subject line Bug#539478: fixed in firebird2.1 2.1.2.18118-0.ds1-4
has caused the Debian Bug report #539478,
regarding CVE-2009-2620: denial of service (daemon crash) via a malformed
op_connect_request message
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
539478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539478
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: firebird2.1
Severity: serious
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for firebird2.1.
CVE-2009-2620[0]:
| src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
| 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2
| allows remote attackers to cause a denial of service (daemon crash)
| via a malformed op_connect_request message that triggers an infinite
| loop or NULL pointer dereference.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2620
http://security-tracker.debian.net/tracker/CVE-2009-2620
http://www.coresecurity.com/content/firebird-sql-dos
Patch:
http://firebird.cvs.sourceforge.net/viewvc/firebird/firebird2/src/remote/server.cpp?r1=1.158.2.6&r2=1.158.2.7&view=patch
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkp0CfoACgkQNxpp46476ar+YQCeIWJSoZ9CE6mNQD8rMCfQ+2jx
AjYAoJxF8SV5YYIj6s9zNAAtil+2zKqN
=/nfk
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: firebird2.1
Source-Version: 2.1.2.18118-0.ds1-4
We believe that the bug you reported is fixed in the latest version of
firebird2.1, which is due to be installed in the Debian FTP archive:
firebird2.1-classic_2.1.2.18118-0.ds1-4_amd64.deb
to pool/main/f/firebird2.1/firebird2.1-classic_2.1.2.18118-0.ds1-4_amd64.deb
firebird2.1-common-doc_2.1.2.18118-0.ds1-4_all.deb
to pool/main/f/firebird2.1/firebird2.1-common-doc_2.1.2.18118-0.ds1-4_all.deb
firebird2.1-common_2.1.2.18118-0.ds1-4_amd64.deb
to pool/main/f/firebird2.1/firebird2.1-common_2.1.2.18118-0.ds1-4_amd64.deb
firebird2.1-dev_2.1.2.18118-0.ds1-4_all.deb
to pool/main/f/firebird2.1/firebird2.1-dev_2.1.2.18118-0.ds1-4_all.deb
firebird2.1-doc_2.1.2.18118-0.ds1-4_all.deb
to pool/main/f/firebird2.1/firebird2.1-doc_2.1.2.18118-0.ds1-4_all.deb
firebird2.1-examples_2.1.2.18118-0.ds1-4_all.deb
to pool/main/f/firebird2.1/firebird2.1-examples_2.1.2.18118-0.ds1-4_all.deb
firebird2.1-server-common_2.1.2.18118-0.ds1-4_amd64.deb
to pool/main/f/firebird2.1/firebird2.1-server-common_2.1.2.18118-0.ds1-4_amd64.deb
firebird2.1-super_2.1.2.18118-0.ds1-4_amd64.deb
to pool/main/f/firebird2.1/firebird2.1-super_2.1.2.18118-0.ds1-4_amd64.deb
firebird2.1_2.1.2.18118-0.ds1-4.diff.gz
to pool/main/f/firebird2.1/firebird2.1_2.1.2.18118-0.ds1-4.diff.gz
firebird2.1_2.1.2.18118-0.ds1-4.dsc
to pool/main/f/firebird2.1/firebird2.1_2.1.2.18118-0.ds1-4.dsc
libfbclient2_2.1.2.18118-0.ds1-4_amd64.deb
to pool/main/f/firebird2.1/libfbclient2_2.1.2.18118-0.ds1-4_amd64.deb
libfbembed2.1_2.1.2.18118-0.ds1-4_amd64.deb
to pool/main/f/firebird2.1/libfbembed2.1_2.1.2.18118-0.ds1-4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 539...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Damyan Ivanov <d...@debian.org> (supplier of updated firebird2.1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 13 Aug 2009 13:35:04 +0300
Source: firebird2.1
Binary: firebird2.1-super firebird2.1-classic libfbclient2 libfbembed2.1
firebird2.1-common firebird2.1-server-common firebird2.1-dev
firebird2.1-examples firebird2.1-doc firebird2.1-common-doc
Architecture: source all amd64
Version: 2.1.2.18118-0.ds1-4
Distribution: unstable
Urgency: high
Maintainer: Debian Firebird Group <pkg-firebird-gene...@lists.alioth.debian.org>
Changed-By: Damyan Ivanov <d...@debian.org>
Description:
firebird2.1-classic - Firebird Classic Server - an RDBMS based on InterBase 6.0 code
firebird2.1-common - common files for firebird 2.1 servers and clients
firebird2.1-common-doc - copyright, licensing and changelogs of firebird2.1
firebird2.1-dev - Development files for Firebird - an RDBMS based on InterBase 6.0
firebird2.1-doc - Documentation files for firebird database version 2.1
firebird2.1-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 code
firebird2.1-server-common - common files for firebird 2.1 servers
firebird2.1-super - Firebird Super Server - an RDBMS based on InterBase 6.0 code
libfbclient2 - Firebird client library
libfbembed2.1 - Firebird embedded client/server library
Closes: 535760 538870 539478
Changes:
firebird2.1 (2.1.2.18118-0.ds1-4) unstable; urgency=high
.
* add patch from upstream CVS fixing denial of service (daemon crash)
via a malformed op_connect_request message (CVE-2009-2620)
Closes: #539478. Thanks to Giuseppe Iuculano
* rules: disable parallel MAKE
the targets are now chained so no simultaneous satisfaction of classic and
super build can commence. also, upstream sources aren't to be made in
parallel so pass -j1
Closes: #538870. Thanks to Bastian Blank
* fix a typo in firebird2.1-common-doc short description
Thanks to Peter Schwindt (Closes: #535760)
* Standards-Version 3.8.2 (no changes needed)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqEANMACgkQHqjlqpcl9jtwXQCfaBDMhaORoG/sPuZkq2ZlRZ56
RMkAoKOZfdFxGXDITDM/tFdxaZRb3bAo
=WRuu
-----END PGP SIGNATURE-----
--- End Message ---