-=| Slávek Banko, 05.03.2013 17:55:51 +0100 |=-
> On Mon, 4 March 2013, Moritz Muehlenhoff wrote:
> > On Sun, Jan 20, 2013 at 11:40:54PM +0900, Hideki Yamane wrote:
> > > Hi,
> > >
> > > On Wed, 14 Nov 2012 23:14:51 +0200
> > >
> > > Damyan Ivanov <d...@debian.org> wrote:
> > > > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > > > >
> > > > > With trace enabled, preparing an empty query crashes the server
> > > > > on line 91 of /src/jrd/trace/TraceDSQLHelpers.h, since the
> > > > > dereferenced m_request variable is NULL.
> > > > >
> > > > > Tagged as 'security' since this is a remote crash, although it
> > > > > requires a valid user/pass.
> > > >
> > > > This issue has been assigned CVE-2012-5529.
> > >
> > > Probably you know, it was fixed in upstream svn and they released
> > > 2.5.2. I've attached a patch (builds fine with pbuilder), please check
> > > and apply it.
> >
> > Firebird maintainers,
> > can you please fix this for Wheezy?
>
> I can confirm that the patch from
> http://firebird.svn.sourceforge.net/viewvc?revision=54702&pathrev=54702&view=rev
>
> can be cleanly applied to both firebird2.5 from Squeeze, and also to
> the current version from Wheezy (hence also Sid).
>
> Is there any hope at this time that it would be possible to update the
> Wheezy version to the final 2.5.2? The mentioned problem is already fixed
> in this version.
> I think that the package git repository is ready for 2.5.2.

An approval request about this was sent already.

Dear release team, can you please comment on
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693216 ?

Thanks in advance.
--
dam