Your message dated Thu, 14 Jan 2010 13:53:27 +0000
with message-id <e1nvq8d-0001xl...@ries.debian.org>
and subject line Bug#539477: fixed in firebird2.0 2.0.4.13130-1.ds1-4+lenny1
has caused the Debian Bug report #539477,
regarding CVE-2009-2620: denial of service (daemon crash) via a malformed op_connect_request message
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
539477: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539477
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: firebird2.0
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for firebird2.0.

CVE-2009-2620[0]:
| src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
| 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2
| allows remote attackers to cause a denial of service (daemon crash)
| via a malformed op_connect_request message that triggers an infinite
| loop or NULL pointer dereference.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2620
    http://security-tracker.debian.net/tracker/CVE-2009-2620
    http://www.coresecurity.com/content/firebird-sql-dos
    Patch: http://firebird.cvs.sourceforge.net/viewvc/firebird/firebird2/src/remote/server.cpp?r1=1.158.2.6&r2=1.158.2.7&view=patch

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp0CXYACgkQNxpp46476aq0nACghSwTW+uL7r8asdjToTCuYJfw
XH8An31ZNMQ8v74NFEh6ErSrP1GHz/my
=INoS
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: firebird2.0
Source-Version: 2.0.4.13130-1.ds1-4+lenny1

We believe that the bug you reported is fixed in the latest version of
firebird2.0, which is due to be installed in the Debian FTP archive:

firebird2.0-classic_2.0.4.13130-1.ds1-4+lenny1_amd64.deb
  to main/f/firebird2.0/firebird2.0-classic_2.0.4.13130-1.ds1-4+lenny1_amd64.deb
firebird2.0-common_2.0.4.13130-1.ds1-4+lenny1_amd64.deb
  to main/f/firebird2.0/firebird2.0-common_2.0.4.13130-1.ds1-4+lenny1_amd64.deb
firebird2.0-dev_2.0.4.13130-1.ds1-4+lenny1_all.deb
  to main/f/firebird2.0/firebird2.0-dev_2.0.4.13130-1.ds1-4+lenny1_all.deb
firebird2.0-doc_2.0.4.13130-1.ds1-4+lenny1_all.deb
  to main/f/firebird2.0/firebird2.0-doc_2.0.4.13130-1.ds1-4+lenny1_all.deb
firebird2.0-examples_2.0.4.13130-1.ds1-4+lenny1_all.deb
  to main/f/firebird2.0/firebird2.0-examples_2.0.4.13130-1.ds1-4+lenny1_all.deb
firebird2.0-server-common_2.0.4.13130-1.ds1-4+lenny1_amd64.deb
  to main/f/firebird2.0/firebird2.0-server-common_2.0.4.13130-1.ds1-4+lenny1_amd64.deb
firebird2.0-super_2.0.4.13130-1.ds1-4+lenny1_amd64.deb
  to main/f/firebird2.0/firebird2.0-super_2.0.4.13130-1.ds1-4+lenny1_amd64.deb
firebird2.0_2.0.4.13130-1.ds1-4+lenny1.diff.gz
  to main/f/firebird2.0/firebird2.0_2.0.4.13130-1.ds1-4+lenny1.diff.gz
firebird2.0_2.0.4.13130-1.ds1-4+lenny1.dsc
  to main/f/firebird2.0/firebird2.0_2.0.4.13130-1.ds1-4+lenny1.dsc
libfbclient2_2.0.4.13130-1.ds1-4+lenny1_amd64.deb
  to main/f/firebird2.0/libfbclient2_2.0.4.13130-1.ds1-4+lenny1_amd64.deb
libfbembed2_2.0.4.13130-1.ds1-4+lenny1_amd64.deb
  to main/f/firebird2.0/libfbembed2_2.0.4.13130-1.ds1-4+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 539...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov <d...@debian.org> (supplier of updated firebird2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 18 Aug 2009 18:16:00 +0300
Source: firebird2.0
Binary: firebird2.0-super firebird2.0-classic libfbclient2 libfbembed2 firebird2.0-common firebird2.0-server-common firebird2.0-dev firebird2.0-examples firebird2.0-doc
Architecture: source all amd64
Version: 2.0.4.13130-1.ds1-4+lenny1
Distribution: stable
Urgency: high
Maintainer: Debian Firebird Group <pkg-firebird-gene...@lists.alioth.debian.org>
Changed-By: Damyan Ivanov <d...@debian.org>
Description: 
 firebird2.0-classic - Firebird Classic Server - an RDBMS based on InterBase 6.0 code
 firebird2.0-common - common files for firebird 2.0 servers and clients
 firebird2.0-dev - Development files for Firebird - an RDBMS based on InterBase 6.0
 firebird2.0-doc - Documentation files for firebird database version 2.0
 firebird2.0-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 code
 firebird2.0-server-common - common files for firebird 2.0 servers
 firebird2.0-super - Firebird Super Server - an RDBMS based on InterBase 6.0 code
 libfbclient2 - Firebird client library
 libfbembed2 - Firebird embedded client/server library
Closes: 539477
Changes: 
 firebird2.0 (2.0.4.13130-1.ds1-4+lenny1) stable; urgency=high
 .
   * add patch from upstream CVS fixing denial of service via a malformed
     op_connect_request message (CVE-2009-2620). Closes: #539477

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktORhUACgkQHqjlqpcl9jt+3QCeJ0Bw5RGLBbkH8GMTzxe7/FW1
9z0AoI6lMyo3SdnsmI5+Zm2Bdbmlvozu
=03DV
-----END PGP SIGNATURE-----



--- End Message ---
