Bug#702736: marked as done (firebird2.5: CVE-2013-2492: Request Processing Buffer Overflow Vulnerability)

Sat, 16 Mar 2013 17:51:32 -0700 

Your message dated Sun, 17 Mar 2013 00:47:26 +0000
with message-id <e1uh1l0-0003q3...@franck.debian.org>
and subject line Bug#702736: fixed in firebird2.5 
2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1
has caused the Debian Bug report #702736,
regarding firebird2.5: CVE-2013-2492: Request Processing Buffer Overflow 
Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
702736: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702736
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: firebird2.5
Severity: grave
Tags: security

Hi

the following vulnerability was published for firebird2.5.

CVE-2013-2492[0]:
Request Processing Buffer Overflow Vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see also [1] and [2].

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2492
    http://security-tracker.debian.org/tracker/CVE-2013-2492
[1] http://tracker.firebirdsql.org/browse/CORE-4058
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2492


Thank you for looking into this.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: firebird2.5
Source-Version: 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
firebird2.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 702...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov <d...@debian.org> (supplier of updated firebird2.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 12 Mar 2013 10:21:04 +0200
Source: firebird2.5
Binary: firebird2.5-super firebird2.5-classic firebird2.5-superclassic 
libfbclient2 libfbembed2.5 libib-util firebird2.5-common 
firebird2.5-server-common firebird2.5-classic-common firebird2.5-dev 
firebird2.5-examples firebird2.5-doc firebird2.5-common-doc
Architecture: source all amd64
Version: 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Firebird Group <pkg-firebird-gene...@lists.alioth.debian.org>
Changed-By: Damyan Ivanov <d...@debian.org>
Description: 
 firebird2.5-classic - Firebird Classic Server - an RDBMS based on InterBase 
6.0 code
 firebird2.5-classic-common - common files for firebird 2.5 "classic" and 
"superclassic" server
 firebird2.5-common - common files for firebird 2.5 servers and clients
 firebird2.5-common-doc - copyright, licnesing and changelogs of firebird2.5
 firebird2.5-dev - Development files for Firebird - an RDBMS based on InterBase 
6.0
 firebird2.5-doc - Documentation files for firebird database version 2.5
 firebird2.5-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 
code
 firebird2.5-server-common - common files for firebird 2.5 servers
 firebird2.5-super - Firebird Super Server - an RDBMS based on InterBase 6.0 
code
 firebird2.5-superclassic - Firebird SupecClassic Server - an RDBMS based on 
InterBase 6.0 co
 libfbclient2 - Firebird client library
 libfbembed2.5 - Firebird embedded client/server library
 libib-util - Firebird UDF support library
Closes: 693210 702736
Changes: 
 firebird2.5 (2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1) stable-security; 
urgency=high
 .
   * Apply patch from upstream revision r57728 (unfuzzied) fixing a remote
     unauthenticated stack overflow in the Firebird server (CVE-2013-2492)
     Closes: #702736
   * Apply patch from upstream revision r54702 fixing a crash (NULL pointer
     dereference) when peraring an empty SQL statement with trace services
     enabled (CVE-2012-5529)
     Closes: #693210
Checksums-Sha1: 
 9606b98bb730635c1c68f24ebbf3ae7cbd6ae0a6 2561 
firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.dsc
 07f39f34dd8ec37c0e9bdfa1b9ca450257102c29 6915217 
firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2.orig.tar.gz
 86175222bf96708f060cd50e451a861a53e123ab 127686 
firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.diff.gz
 525931a43383acec964679c7ef48c0f1d161d0e3 65370 
firebird2.5-dev_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 923a3d03c8439a7e5db2ab33f4cc2ea27b5f0600 167712 
firebird2.5-examples_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 29e576248ee341a523152351078230961b2285b6 176742 
firebird2.5-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 9c9bc987330d31850eaee34960c1fa0cbff140de 633158 
firebird2.5-common-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 dd4c94aad61ff40d9e95e6a8b11a0e612449c348 3499302 
firebird2.5-super_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 4fe9929b31a39953d630973e04f284a86777664e 33326 
firebird2.5-classic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 c2e06f007bc7c28d9b3a21422c7f5344f182eebf 212382 
firebird2.5-superclassic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 b8585c5974a0f59bf192101d2ff6627b219d22bd 336442 
libfbclient2_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 8319e216dc440052750ac3da8b6b2a9f8f133cf9 1911206 
libfbembed2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 d35284ec1b09f1a1a78d61c08ce20f748f0fda2f 3862 
libib-util_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 23f0c143a8ec4e425c5df7af328c55afa34d082d 492548 
firebird2.5-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 d0e0d2d37222f4f16abc044618333c5fb83d7d4f 407816 
firebird2.5-server-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 b27fce604d9553dea55d179603299fcc05a5a55b 1566420 
firebird2.5-classic-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
Checksums-Sha256: 
 2684b14117d91012b151a30b46ddbe4038b99e48b14a00f290d43873ca69761b 2561 
firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.dsc
 55520f0d9342b9f5f5360895343b30e6d2663f9bfd870c6ce9bd5d26001e2638 6915217 
firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2.orig.tar.gz
 3e7dec929e41b4995e983f38b91b00a3645e8f9043c131d4c25d1d5f1f55e053 127686 
firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.diff.gz
 17afad38268b2cd0fe1fa30a89e3918aea48d2bb783123a87c42003e227935a2 65370 
firebird2.5-dev_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 1020e5f36a3a6b00cf8ebe2762e6137e13b80411f5443fe5b02c8f4b5531669e 167712 
firebird2.5-examples_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 78c392d44dee65cd524216ca76b825c5cc1d438da7592770c6f9cb025cc7bbd3 176742 
firebird2.5-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 def312e46c3b6659c2897afed7ecde1b33d29c610e0d7ff1c7513d6fe3f747c3 633158 
firebird2.5-common-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 03877b25b06749b434b63dad19040413218a88dbfa1c210906020dab2467bb44 3499302 
firebird2.5-super_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 fe55d074d152dc7d730a3da63b49188038b50530ada259f80761e0dbde02a5b7 33326 
firebird2.5-classic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 34ac3cafc5d6afd566dc2cbd98b1aacaaff64730f54df93410d2ef6802c4b8ab 212382 
firebird2.5-superclassic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 0da8890377b8e757ee14ac7f41c1af99b03ce08bf27f2e26dd2f2ba34cdbf9d0 336442 
libfbclient2_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 aadbd22290f7356a6d35225ee408eefe994f4c755fdf1b50b7417fe88ce6f847 1911206 
libfbembed2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 ad2287236b75a3108d7d6f00e79b0bd4a77a29b6e13b56b22cec8dc203bdc43a 3862 
libib-util_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 7eba17ab2aad82d326fdd8ba801c042b706287152c8578e4be05e13ff1109467 492548 
firebird2.5-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 4b8bddba7f4f6f23e03052dac33832ab130cd371a2a8dc2c7c6d55e2e96cd3c6 407816 
firebird2.5-server-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 0005d29956ddef553433dfcc328f37c5d2ea0826615eb94a24c903764a30997f 1566420 
firebird2.5-classic-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
Files: 
 5744af43a2f619215db27280e300f02e 2561 database optional 
firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.dsc
 ca144c7a9efdf24862b1b026f7da7a05 6915217 database optional 
firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2.orig.tar.gz
 8641b2d2591df3d0f76b7077691713d5 127686 database optional 
firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.diff.gz
 b50d3fb88c1d5d8187f408945a5dffa4 65370 libdevel optional 
firebird2.5-dev_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 3dc4771bd7efdd6c5e03c85ec15d4a96 167712 doc optional 
firebird2.5-examples_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 fa2d6f8bdbf79fa1c1e12edec5cbbeb7 176742 doc optional 
firebird2.5-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 dc1bf4bf74c2f5a3f74537ebeb3dc97b 633158 doc optional 
firebird2.5-common-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 03600126848bf6f815b18a31437b7b7d 3499302 database optional 
firebird2.5-super_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 5e3177af7c9858df29141550a4381bca 33326 database optional 
firebird2.5-classic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 87a7643c956b5dbc17a490f38ccfb1f2 212382 database optional 
firebird2.5-superclassic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 4034848631f1c34fb6f2d20da0303af6 336442 libs optional 
libfbclient2_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 6f3b09c7cf156a18f1f7ae70308a2065 1911206 libs optional 
libfbembed2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 7f47eb4ed97eb6204fbcdfdbe882a40f 3862 libs optional 
libib-util_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 4762f15b0e8e49ab63822c3d14c9a2a1 492548 database optional 
firebird2.5-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 1c8fdbbeeed0c038c8e34623fff60c35 407816 database optional 
firebird2.5-server-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 29f0c662292b64e285cf170597111933 1566420 database optional 
firebird2.5-classic-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRPv4mAAoJENu+nU2Z0qAEn1QP/j7t7/cliK91GkwO6EhZX8BB
Ht+5W8M7H2QVthBv06Gklknvzy8+Gtd6ykfykkCs4iAExQnLxD774zYbbMmaWwXo
jKwiB3a82bWw2rouuNk9uKPJ5H3HG17dH6bMcZM45dyk7dFwrU3BMNtj72Sn02g6
b36sdP2qwpgrqlF3IsfVWqzn9rp0OLX+pR+2/7/7W5JdyKh7Tp6SzMYP5JUkloNB
Em+VJC1FXgYdtn7ycliMa++8oeL/ED+S1MJCfua2x1OXvQkZaLDTcxXojD5PRcXG
wI7QKTwdJRCruU8F1mM5ZUnrLFVp6zbsL9MF7SfMQwzwneTQaDkaYKK9SMzpN/c8
TS3SSCBadp4enTxFG8HJVVARJPfapKO8x+FxNbPLDWZx2ftjIhU3Ug4aEWHWYzai
M2ioAS4gZP7pEdu0er9CWKS5Wg0gISRxzUrvlxN7kIkjI3od3ytW1bymeAnDAm8H
Qpi8fjbN3/Jiq7vokGBxEAR7mnjJIlK3pr8vskGJgwTFrCODhIq/3hlg4GFsiStS
wBWH4ytX6dJkWF3VAFUp+GQ8UbD9qTBK2q8lt1Z5MwW+mu0Wbf0DyN12/dcU6qfl
HnW4UF5wR/i6jL4y7u58B0mFJRJuDseyumIdin9+vqkI6DFUVj4Atbo91Icbt1KO
Hef+hvufEGS4tM3rsRgj
=IqRk
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to