Your message dated Sun, 26 Mar 2017 17:49:19 +0000
with message-id <e1csci3-0005f3...@fasolo.debian.org>
and subject line Bug#858644: fixed in firebird3.0 3.0.1.32609.ds4-14
has caused the Debian Bug report #858644,
regarding CVE-2017-6369: authenticated remote execution in firebird 3.0 before
version 3.0.2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
858644: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858644
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: firebird3.0-server-core
Version: 3.0.1.32609.ds4-13
Severity: grave
Tags: patch upstream security
Justification: user security hole
Forwarded: http://tracker.firebirdsql.org/browse/CORE-5474
Authenticated Firebird users are allowed to declare UDFs (user-defined
functions). The default config allows using all entry points from the standard
UDF library, which is dynamically linked with libc, with its symbols
re-exported, including system().
Relevant upstream commits for 3.0:
- https://github.com/FirebirdSQL/firebird/commit/8b2a9cb44bf6055e15f016d70a6842b8ada60375
--- End Message ---
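An added example, not part of the original report and not Firebird or Debian code: a small audit of a firebird.conf for the UDF exposure described above. It assumes the firebird.conf parameter UdfAccess (None, Restrict <dirs>, Full), that an unset value behaves as "Restrict UDF" on unfixed builds, and that parameter names are matched case-insensitively; the sample configs are constructed.

```python
import re

# Constructed sample configs (not taken from any real server).
SAMPLE_DEFAULT = """\
# firebird.conf (constructed sample)
#UdfAccess = Restrict UDF
RemoteServicePort = 3050
"""
SAMPLE_HARDENED = "UdfAccess = None\n"
SAMPLE_FULL = "udfaccess = Full  # legacy app\n"

# Higher rank = more permissive. Unrecognised values rank highest so that
# they are flagged for manual review rather than silently passed.
RANK = {"none": 0, "restrict": 1, "full": 2, "unknown": 3}


def classify(value):
    """Map a raw UdfAccess value to none / restrict / full / unknown."""
    words = value.split()
    word = words[0].lower() if words else ""
    return word if word in RANK else "unknown"


def audit_udf_access(conf_text, builtin_default="Restrict UDF"):
    """Report the most permissive UdfAccess setting found in conf_text.

    builtin_default is what the server is assumed to use when the parameter
    is commented out or absent (assumption: "Restrict UDF" on unfixed builds).
    Every uncommented occurrence is considered and the worst one is reported,
    so no assumption is made about which duplicate the server honours.
    """
    values = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"udfaccess\s*=\s*(.*)$", line, re.IGNORECASE)
        if m:
            values.append(m.group(1).strip())
    if not values:
        values = [builtin_default]
    mode = max((classify(v) for v in values), key=RANK.get)
    # Anything other than "none" lets authenticated users declare UDFs
    # against the permitted libraries, which is the exposure in this bug.
    return {"mode": mode, "exposed": mode != "none", "values": values}


if __name__ == "__main__":
    for name, text in [("default", SAMPLE_DEFAULT),
                       ("hardened", SAMPLE_HARDENED),
                       ("full", SAMPLE_FULL)]:
        print(name, audit_udf_access(text))
```
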
--- Begin Message ---
Source: firebird3.0
Source-Version: 3.0.1.32609.ds4-14
We believe that the bug you reported is fixed in the latest version of
firebird3.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 858...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Damyan Ivanov <d...@debian.org> (supplier of updated firebird3.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 25 Mar 2017 16:07:07 +0000
Source: firebird3.0
Binary: firebird3.0-server-core firebird3.0-server firebird3.0-utils
 libfbclient2 libib-util firebird3.0-common firebird-dev firebird3.0-examples
 firebird3.0-doc firebird3.0-common-doc
Architecture: source
Version: 3.0.1.32609.ds4-14
Distribution: unstable
Urgency: high
Maintainer: Debian Firebird Group <pkg-firebird-gene...@lists.alioth.debian.org>
Changed-By: Damyan Ivanov <d...@debian.org>
Closes: 858644
Description:
 firebird3.0-common - common files for firebird 3.0 server, client and utilities
 firebird3.0-common-doc - copyright, licensing and changelogs of firebird3.0
 firebird3.0-doc - Documentation files for firebird database version 3.0
 firebird3.0-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 code
 firebird3.0-server-core - Firebird Server - engine core
 firebird3.0-server - Firebird Server - an RDBMS based on InterBase 6.0 code
 firebird3.0-utils - Firebird user utilities
 firebird-dev - Development files for Firebird
 libfbclient2 - Firebird client library
 libib-util - Firebird UDF support library
Changes:
 firebird3.0 (3.0.1.32609.ds4-14) unstable; urgency=high
 .
   * Apply commit 56e9a73c168 from upstream B3_0_Release branch
     fixing authenticated remote execution vulnerability (CVE-2017-6369,
     CORE-5474)
     Closes: #858644
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---