Package: firebird1.5 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for firebird1.5.
CVE-2007-5245[0]: | Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and | 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers | to execute arbitrary code via (1) a long service attach request on TCP | port 3050 to the SVC_attach function or (2) unspecified vectors | involving the INET_connect function. If you fix this vulnerability please also include the CVE id in your changelog entry. This is fixed in the 2.0 package in unstable. As far as I can see the fixes for these issues are: http://firebird.cvs.sourceforge.net/firebird/firebird2/src/remote/inet.cpp?r1=1.122&r2=1.123 and http://firebird.cvs.sourceforge.net/firebird/firebird2/src/jrd/svc.cpp?r1=1.97&r2=1.98 but please check back with upstream, I might have missed something. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5245 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]