server crash on prearing an empty query with tracing enabled

Debian Bug report logs - #693210
server crash on prearing an empty query with tracing enabled

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Damyan Ivanov <dmn@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: server crash on prearing an empty query with tracing enabled

Date: Wed, 14 Nov 2012 11:35:02 +0200

Source: firebird2.5
Version: 2.5.0
Severity: important
Tags: upstream fixed-upstream security
Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884

With trace enabled, preparing an empty query crashes the server on line 91 of 
/src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is 
NULL.

Tagged as 'security' since this is a remote crash, although it requires a valid 
user/pass.

Message #8 received at 693210@bugs.debian.org (full text, mbox, reply):

From: Damyan Ivanov <dmn@debian.org>

To: 693210@bugs.debian.org

Cc: debian-security@lists.debian.org

Subject: Re: Bug#693210: server crash on prearing an empty query with tracing enabled

Date: Wed, 14 Nov 2012 23:14:51 +0200

[Message part 1 (text/plain, inline)]

(adding -security to Cc)

-=| Damyan Ivanov, 14.11.2012 11:35:02 +0200 |=-
> Source: firebird2.5
> Version: 2.5.0
> Severity: important
> Tags: upstream fixed-upstream security
> Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> 
> With trace enabled, preparing an empty query crashes the server on line 91 of 
> /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is 
> NULL.
> 
> Tagged as 'security' since this is a remote crash, although it requires a valid 
> user/pass.

This issue has assigned CVE-2012-5529.

[signature.asc (application/pgp-signature, inline)]

Message #11 received at 693210-submitter@bugs.debian.org (full text, mbox, reply):

From: Hideki Yamane <henrich@debian.or.jp>

To: 693210-submitter@bugs.debian.org

Subject: Re: Bug#693210: server crash on prearing an empty query with tracing enabled

Date: Sun, 20 Jan 2013 23:40:54 +0900

[Message part 1 (text/plain, inline)]

Hi,

On Wed, 14 Nov 2012 23:14:51 +0200
Damyan Ivanov <dmn@debian.org> wrote:
> > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > 
> > With trace enabled, preparing an empty query crashes the server on line 91 of 
> > /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is 
> > NULL.
> > 
> > Tagged as 'security' since this is a remote crash, although it requires a valid 
> > user/pass.
> 
> This issue has assigned CVE-2012-5529.

 Probably you know, it was fixed in upstream svn and they released 2.5.2.
 I've attached a patch (build fine with pbuilder), please check and apply it.

 Thanks.


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane

[bug#693210_firebird.patch (text/x-diff, attachment)]

Message #14 received at 693210-submitter@bugs.debian.org (full text, mbox, reply):

From: Hideki Yamane <henrich@debian.or.jp>

To: 693210-submitter@bugs.debian.org

Cc: team@security.debian.org

Subject: Re: Bug#693210: server crash on prearing an empty query with tracing enabled

Date: Mon, 21 Jan 2013 00:37:18 +0900

[Message part 1 (text/plain, inline)]

Hi,

On Sun, 20 Jan 2013 23:40:54 +0900
Hideki Yamane <henrich@debian.or.jp> wrote:
> On Wed, 14 Nov 2012 23:14:51 +0200
> Damyan Ivanov <dmn@debian.org> wrote:
> > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > > 
> > > With trace enabled, preparing an empty query crashes the server on line 91 of 
> > > /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is 
> > > NULL.
> > > 
> > > Tagged as 'security' since this is a remote crash, although it requires a valid 
> > > user/pass.
> > 
> > This issue has assigned CVE-2012-5529.
> 
>  Probably you know, it was fixed in upstream svn and they released 2.5.2.
>  I've attached a patch (build fine with pbuilder), please check and apply it.

 Also for squeeze, please check and ask to produce DSA for it.


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane

[firebird2.5_squeeze.diff (text/x-diff, attachment)]

Message #21 received at 693210@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Hideki Yamane <henrich@debian.or.jp>

Cc: 693210@bugs.debian.org

Subject: Re: Bug#693210: server crash on prearing an empty query with tracing enabled

Date: Mon, 4 Mar 2013 18:59:53 +0100

On Sun, Jan 20, 2013 at 11:40:54PM +0900, Hideki Yamane wrote:
> Hi,
> 
> On Wed, 14 Nov 2012 23:14:51 +0200
> Damyan Ivanov <dmn@debian.org> wrote:
> > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > > 
> > > With trace enabled, preparing an empty query crashes the server on line 91 of 
> > > /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is 
> > > NULL.
> > > 
> > > Tagged as 'security' since this is a remote crash, although it requires a valid 
> > > user/pass.
> > 
> > This issue has assigned CVE-2012-5529.
> 
>  Probably you know, it was fixed in upstream svn and they released 2.5.2.
>  I've attached a patch (build fine with pbuilder), please check and apply it.

Firebird maintainers,
can you please fix this for Wheezy?

Cheers,
        Moritz

Message #26 received at 693210@bugs.debian.org (full text, mbox, reply):

From: Slávek Banko <slavek.banko@axis.cz>

To: Moritz Muehlenhoff <jmm@inutil.org>, 693210@bugs.debian.org, All discussion related to Firebird Debian packages <pkg-firebird-general@lists.alioth.debian.org>

Subject: Re: [pkg-firebird-general] Bug#693210: server crash on prearing an empty query with tracing enabled

Date: Tue, 5 Mar 2013 17:55:51 +0100

Dne po 4. března 2013 Moritz Muehlenhoff napsal(a):
> On Sun, Jan 20, 2013 at 11:40:54PM +0900, Hideki Yamane wrote:
> > Hi,
> >
> > On Wed, 14 Nov 2012 23:14:51 +0200
> >
> > Damyan Ivanov <dmn@debian.org> wrote:
> > > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > > >
> > > > With trace enabled, preparing an empty query crashes the server
> > > > on line 91 of /src/jrd/trace/TraceDSQLHelpers.h, since the
> > > > dereferenced m_request variable is NULL.
> > > >
> > > > Tagged as 'security' since this is a remote crash, although it
> > > > requires a valid user/pass.
> > >
> > > This issue has assigned CVE-2012-5529.
> >
> >  Probably you know, it was fixed in upstream svn and they released
> > 2.5.2. I've attached a patch (build fine with pbuilder), please check
> > and apply it.
>
> Firebird maintainers,
> can you please fix this for Wheezy?
>
> Cheers,
>         Moritz
>

I can confirm that the patch from 
http://firebird.svn.sourceforge.net/viewvc?revision=54702&pathrev=54702&view=rev 
can be cleanly applied to both firebird2.5 from Squeeze, and also to 
current version from Wheezy (hence also Sid).

Is at this time of hope that it would be possible to update Wheezy version 
to final 2.5.2? In this version is mentioned problem already fixed. I 
think that the package git repository is ready for 2.5.2.

Slavek
-- 

Message #29 received at 693210@bugs.debian.org (full text, mbox, reply):

From: Damyan Ivanov <dmn@debian.org>

To: All discussion related to Firebird Debian packages <pkg-firebird-general@lists.alioth.debian.org>

Cc: Moritz Muehlenhoff <jmm@inutil.org>, 693210@bugs.debian.org, debian-release@lists.debian.org

Subject: Re: [pkg-firebird-general] Bug#693210: server crash on prearing an empty query with tracing enabled (CVE-2012-5529)

Date: Wed, 6 Mar 2013 19:00:29 +0200

[Message part 1 (text/plain, inline)]

-=| Slávek Banko, 05.03.2013 17:55:51 +0100 |=-
> Dne po 4. března 2013 Moritz Muehlenhoff napsal(a):
> > On Sun, Jan 20, 2013 at 11:40:54PM +0900, Hideki Yamane wrote:
> > > Hi,
> > >
> > > On Wed, 14 Nov 2012 23:14:51 +0200
> > >
> > > Damyan Ivanov <dmn@debian.org> wrote:
> > > > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > > > >
> > > > > With trace enabled, preparing an empty query crashes the server
> > > > > on line 91 of /src/jrd/trace/TraceDSQLHelpers.h, since the
> > > > > dereferenced m_request variable is NULL.
> > > > >
> > > > > Tagged as 'security' since this is a remote crash, although it
> > > > > requires a valid user/pass.
> > > >
> > > > This issue has assigned CVE-2012-5529.
> > >
> > >  Probably you know, it was fixed in upstream svn and they released
> > > 2.5.2. I've attached a patch (build fine with pbuilder), please check
> > > and apply it.
> >
> > Firebird maintainers,
> > can you please fix this for Wheezy?
> 
> I can confirm that the patch from 
> http://firebird.svn.sourceforge.net/viewvc?revision=54702&pathrev=54702&view=rev 
> can be cleanly applied to both firebird2.5 from Squeeze, and also to 
> current version from Wheezy (hence also Sid).
> 
> Is at this time of hope that it would be possible to update Wheezy version 
> to final 2.5.2? In this version is mentioned problem already fixed. 
> I think that the package git repository is ready for 2.5.2.

An approval request about this was sent already. Dear release team, 
can you please comment on 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693216 ? Thanks in 
advance.


-- dam

[signature.asc (application/pgp-signature, inline)]

Message #32 received at 693210@bugs.debian.org (full text, mbox, reply):

From: Damyan Ivanov <dmn@debian.org>

To: Moritz Muehlenhoff <jmm@inutil.org>, 693210@bugs.debian.org

Cc: team@security.debian.org

Subject: Re: [pkg-firebird-general] Bug#693210: server crash on prearing an empty query with tracing enabled

Date: Sun, 10 Mar 2013 11:17:35 +0200

[Message part 1 (text/plain, inline)]

-=| Moritz Muehlenhoff, 04.03.2013 18:59:53 +0100 |=-
> On Sun, Jan 20, 2013 at 11:40:54PM +0900, Hideki Yamane wrote:
> > On Wed, 14 Nov 2012 23:14:51 +0200
> > Damyan Ivanov <dmn@debian.org> wrote:
> > > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > > > 
> > > > With trace enabled, preparing an empty query crashes the server on line 91 of 
> > > > /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is 
> > > > NULL.
> > > > 
> > > > Tagged as 'security' since this is a remote crash, although it requires a valid 
> > > > user/pass.
> > > 
> > > This issue has assigned CVE-2012-5529.
> > 
> >  Probably you know, it was fixed in upstream svn and they released 2.5.2.
> >  I've attached a patch (build fine with pbuilder), please check and apply it.
> 
> Firebird maintainers,
> can you please fix this for Wheezy?

Hm, what about squeeze, which is also affected? Attached is a (source) 
debdiff against the version in squeeze. Should it go via 
stable-security or stable-updates?


Thanks,
    dam

[firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1-source.diff (text/x-diff, attachment)]

[signature.asc (application/pgp-signature, inline)]

Message #37 received at 693210@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Damyan Ivanov <dmn@debian.org>

Cc: Moritz Muehlenhoff <jmm@inutil.org>, 693210@bugs.debian.org, team@security.debian.org

Subject: Re: [pkg-firebird-general] Bug#693210: server crash on prearing an empty query with tracing enabled

Date: Sun, 10 Mar 2013 10:38:24 +0100

Hi Damyan

On Sun, Mar 10, 2013 at 11:17:35AM +0200, Damyan Ivanov wrote:
> -=| Moritz Muehlenhoff, 04.03.2013 18:59:53 +0100 |=-
> > On Sun, Jan 20, 2013 at 11:40:54PM +0900, Hideki Yamane wrote:
> > > On Wed, 14 Nov 2012 23:14:51 +0200
> > > Damyan Ivanov <dmn@debian.org> wrote:
> > > > > Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> > > > > 
> > > > > With trace enabled, preparing an empty query crashes the server on line 91 of 
> > > > > /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is 
> > > > > NULL.
> > > > > 
> > > > > Tagged as 'security' since this is a remote crash, although it requires a valid 
> > > > > user/pass.
> > > > 
> > > > This issue has assigned CVE-2012-5529.
> > > 
> > >  Probably you know, it was fixed in upstream svn and they released 2.5.2.
> > >  I've attached a patch (build fine with pbuilder), please check and apply it.
> > 
> > Firebird maintainers,
> > can you please fix this for Wheezy?
> 
> Hm, what about squeeze, which is also affected? Attached is a (source) 
> debdiff against the version in squeeze. Should it go via 
> stable-security or stable-updates?

I checked the security-tracker about this[1]. It is marked 'no-dsa'
for Squeeze, so I assume this should go trough a
stable-proposed-updates upload.

 [1]: https://security-tracker.debian.org/CVE-2012-5529

Thanks for your work on the update!

Salvatore

Message #42 received at 693210@bugs.debian.org (full text, mbox, reply):

From: Raphael Geissert <geissert@debian.org>

To: 693210@bugs.debian.org

Cc: 702736-quiet@bugs.debian.org, Debian Security Team <team@security.debian.org>

Subject: Re: [pkg-firebird-general] Bug#693210: server crash on prearing an empty query with tracing enabled

Date: Mon, 11 Mar 2013 11:52:26 +0100

Hi,

On 10 March 2013 10:38, Salvatore Bonaccorso <carnil@debian.org> wrote:
[...]
> I checked the security-tracker about this[1]. It is marked 'no-dsa'
> for Squeeze, so I assume this should go trough a
> stable-proposed-updates upload.
>
>  [1]: https://security-tracker.debian.org/CVE-2012-5529

Since there's also another issue affecting firebird, this less severe
issue could be fixed in the same DSA.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Message #47 received at 693210-close@bugs.debian.org (full text, mbox, reply):

From: Damyan Ivanov <dmn@debian.org>

To: 693210-close@bugs.debian.org

Subject: Bug#693210: fixed in firebird2.5 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1

Date: Sun, 17 Mar 2013 00:47:26 +0000

Source: firebird2.5
Source-Version: 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
firebird2.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 693210@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov <dmn@debian.org> (supplier of updated firebird2.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 12 Mar 2013 10:21:04 +0200
Source: firebird2.5
Binary: firebird2.5-super firebird2.5-classic firebird2.5-superclassic libfbclient2 libfbembed2.5 libib-util firebird2.5-common firebird2.5-server-common firebird2.5-classic-common firebird2.5-dev firebird2.5-examples firebird2.5-doc firebird2.5-common-doc
Architecture: source all amd64
Version: 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>
Changed-By: Damyan Ivanov <dmn@debian.org>
Description: 
 firebird2.5-classic - Firebird Classic Server - an RDBMS based on InterBase 6.0 code
 firebird2.5-classic-common - common files for firebird 2.5 "classic" and "superclassic" server
 firebird2.5-common - common files for firebird 2.5 servers and clients
 firebird2.5-common-doc - copyright, licnesing and changelogs of firebird2.5
 firebird2.5-dev - Development files for Firebird - an RDBMS based on InterBase 6.0
 firebird2.5-doc - Documentation files for firebird database version 2.5
 firebird2.5-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 code
 firebird2.5-server-common - common files for firebird 2.5 servers
 firebird2.5-super - Firebird Super Server - an RDBMS based on InterBase 6.0 code
 firebird2.5-superclassic - Firebird SupecClassic Server - an RDBMS based on InterBase 6.0 co
 libfbclient2 - Firebird client library
 libfbembed2.5 - Firebird embedded client/server library
 libib-util - Firebird UDF support library
Closes: 693210 702736
Changes: 
 firebird2.5 (2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1) stable-security; urgency=high
 .
   * Apply patch from upstream revision r57728 (unfuzzied) fixing a remote
     unauthenticated stack overflow in the Firebird server (CVE-2013-2492)
     Closes: #702736
   * Apply patch from upstream revision r54702 fixing a crash (NULL pointer
     dereference) when peraring an empty SQL statement with trace services
     enabled (CVE-2012-5529)
     Closes: #693210
Checksums-Sha1: 
 9606b98bb730635c1c68f24ebbf3ae7cbd6ae0a6 2561 firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.dsc
 07f39f34dd8ec37c0e9bdfa1b9ca450257102c29 6915217 firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2.orig.tar.gz
 86175222bf96708f060cd50e451a861a53e123ab 127686 firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.diff.gz
 525931a43383acec964679c7ef48c0f1d161d0e3 65370 firebird2.5-dev_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 923a3d03c8439a7e5db2ab33f4cc2ea27b5f0600 167712 firebird2.5-examples_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 29e576248ee341a523152351078230961b2285b6 176742 firebird2.5-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 9c9bc987330d31850eaee34960c1fa0cbff140de 633158 firebird2.5-common-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 dd4c94aad61ff40d9e95e6a8b11a0e612449c348 3499302 firebird2.5-super_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 4fe9929b31a39953d630973e04f284a86777664e 33326 firebird2.5-classic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 c2e06f007bc7c28d9b3a21422c7f5344f182eebf 212382 firebird2.5-superclassic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 b8585c5974a0f59bf192101d2ff6627b219d22bd 336442 libfbclient2_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 8319e216dc440052750ac3da8b6b2a9f8f133cf9 1911206 libfbembed2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 d35284ec1b09f1a1a78d61c08ce20f748f0fda2f 3862 libib-util_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 23f0c143a8ec4e425c5df7af328c55afa34d082d 492548 firebird2.5-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 d0e0d2d37222f4f16abc044618333c5fb83d7d4f 407816 firebird2.5-server-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 b27fce604d9553dea55d179603299fcc05a5a55b 1566420 firebird2.5-classic-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
Checksums-Sha256: 
 2684b14117d91012b151a30b46ddbe4038b99e48b14a00f290d43873ca69761b 2561 firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.dsc
 55520f0d9342b9f5f5360895343b30e6d2663f9bfd870c6ce9bd5d26001e2638 6915217 firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2.orig.tar.gz
 3e7dec929e41b4995e983f38b91b00a3645e8f9043c131d4c25d1d5f1f55e053 127686 firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.diff.gz
 17afad38268b2cd0fe1fa30a89e3918aea48d2bb783123a87c42003e227935a2 65370 firebird2.5-dev_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 1020e5f36a3a6b00cf8ebe2762e6137e13b80411f5443fe5b02c8f4b5531669e 167712 firebird2.5-examples_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 78c392d44dee65cd524216ca76b825c5cc1d438da7592770c6f9cb025cc7bbd3 176742 firebird2.5-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 def312e46c3b6659c2897afed7ecde1b33d29c610e0d7ff1c7513d6fe3f747c3 633158 firebird2.5-common-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 03877b25b06749b434b63dad19040413218a88dbfa1c210906020dab2467bb44 3499302 firebird2.5-super_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 fe55d074d152dc7d730a3da63b49188038b50530ada259f80761e0dbde02a5b7 33326 firebird2.5-classic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 34ac3cafc5d6afd566dc2cbd98b1aacaaff64730f54df93410d2ef6802c4b8ab 212382 firebird2.5-superclassic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 0da8890377b8e757ee14ac7f41c1af99b03ce08bf27f2e26dd2f2ba34cdbf9d0 336442 libfbclient2_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 aadbd22290f7356a6d35225ee408eefe994f4c755fdf1b50b7417fe88ce6f847 1911206 libfbembed2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 ad2287236b75a3108d7d6f00e79b0bd4a77a29b6e13b56b22cec8dc203bdc43a 3862 libib-util_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 7eba17ab2aad82d326fdd8ba801c042b706287152c8578e4be05e13ff1109467 492548 firebird2.5-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 4b8bddba7f4f6f23e03052dac33832ab130cd371a2a8dc2c7c6d55e2e96cd3c6 407816 firebird2.5-server-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 0005d29956ddef553433dfcc328f37c5d2ea0826615eb94a24c903764a30997f 1566420 firebird2.5-classic-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
Files: 
 5744af43a2f619215db27280e300f02e 2561 database optional firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.dsc
 ca144c7a9efdf24862b1b026f7da7a05 6915217 database optional firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2.orig.tar.gz
 8641b2d2591df3d0f76b7077691713d5 127686 database optional firebird2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.diff.gz
 b50d3fb88c1d5d8187f408945a5dffa4 65370 libdevel optional firebird2.5-dev_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 3dc4771bd7efdd6c5e03c85ec15d4a96 167712 doc optional firebird2.5-examples_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 fa2d6f8bdbf79fa1c1e12edec5cbbeb7 176742 doc optional firebird2.5-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 dc1bf4bf74c2f5a3f74537ebeb3dc97b 633158 doc optional firebird2.5-common-doc_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_all.deb
 03600126848bf6f815b18a31437b7b7d 3499302 database optional firebird2.5-super_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 5e3177af7c9858df29141550a4381bca 33326 database optional firebird2.5-classic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 87a7643c956b5dbc17a490f38ccfb1f2 212382 database optional firebird2.5-superclassic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 4034848631f1c34fb6f2d20da0303af6 336442 libs optional libfbclient2_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 6f3b09c7cf156a18f1f7ae70308a2065 1911206 libs optional libfbembed2.5_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 7f47eb4ed97eb6204fbcdfdbe882a40f 3862 libs optional libib-util_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 4762f15b0e8e49ab63822c3d14c9a2a1 492548 database optional firebird2.5-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 1c8fdbbeeed0c038c8e34623fff60c35 407816 database optional firebird2.5-server-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb
 29f0c662292b64e285cf170597111933 1566420 database optional firebird2.5-classic-common_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRPv4mAAoJENu+nU2Z0qAEn1QP/j7t7/cliK91GkwO6EhZX8BB
Ht+5W8M7H2QVthBv06Gklknvzy8+Gtd6ykfykkCs4iAExQnLxD774zYbbMmaWwXo
jKwiB3a82bWw2rouuNk9uKPJ5H3HG17dH6bMcZM45dyk7dFwrU3BMNtj72Sn02g6
b36sdP2qwpgrqlF3IsfVWqzn9rp0OLX+pR+2/7/7W5JdyKh7Tp6SzMYP5JUkloNB
Em+VJC1FXgYdtn7ycliMa++8oeL/ED+S1MJCfua2x1OXvQkZaLDTcxXojD5PRcXG
wI7QKTwdJRCruU8F1mM5ZUnrLFVp6zbsL9MF7SfMQwzwneTQaDkaYKK9SMzpN/c8
TS3SSCBadp4enTxFG8HJVVARJPfapKO8x+FxNbPLDWZx2ftjIhU3Ug4aEWHWYzai
M2ioAS4gZP7pEdu0er9CWKS5Wg0gISRxzUrvlxN7kIkjI3od3ytW1bymeAnDAm8H
Qpi8fjbN3/Jiq7vokGBxEAR7mnjJIlK3pr8vskGJgwTFrCODhIq/3hlg4GFsiStS
wBWH4ytX6dJkWF3VAFUp+GQ8UbD9qTBK2q8lt1Z5MwW+mu0Wbf0DyN12/dcU6qfl
HnW4UF5wR/i6jL4y7u58B0mFJRJuDseyumIdin9+vqkI6DFUVj4Atbo91Icbt1KO
Hef+hvufEGS4tM3rsRgj
=IqRk
-----END PGP SIGNATURE-----

Message #52 received at 693210-close@bugs.debian.org (full text, mbox, reply):

From: Damyan Ivanov <dmn@debian.org>

To: 693210-close@bugs.debian.org

Subject: Bug#693210: fixed in firebird2.5 2.5.2~svn+54698.ds4-2

Date: Mon, 18 Mar 2013 15:48:17 +0000

Source: firebird2.5
Source-Version: 2.5.2~svn+54698.ds4-2

We believe that the bug you reported is fixed in the latest version of
firebird2.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 693210@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov <dmn@debian.org> (supplier of updated firebird2.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 18 Mar 2013 17:23:50 +0200
Source: firebird2.5
Binary: firebird2.5-super firebird2.5-classic firebird2.5-superclassic libfbclient2 libfbembed2.5 libib-util firebird2.5-common firebird2.5-server-common firebird2.5-classic-common firebird-dev firebird2.5-examples firebird2.5-doc firebird2.5-common-doc firebird2.5-super-dbg firebird2.5-classic-dbg libfbclient2-dbg
Architecture: source all amd64
Version: 2.5.2~svn+54698.ds4-2
Distribution: unstable
Urgency: high
Maintainer: Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>
Changed-By: Damyan Ivanov <dmn@debian.org>
Description: 
 firebird-dev - Development files for Firebird - an RDBMS based on InterBase 6.0
 firebird2.5-classic - Firebird Classic Server - an RDBMS based on InterBase 6.0 code
 firebird2.5-classic-common - common files for firebird 2.5 "classic" and "superclassic"
 firebird2.5-classic-dbg - collected debug symbols for firebird2.5-classic and -superclassic
 firebird2.5-common - common files for firebird 2.5 servers and clients
 firebird2.5-common-doc - copyright, licnesing and changelogs of firebird2.5
 firebird2.5-doc - Documentation files for firebird database version 2.5
 firebird2.5-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 code
 firebird2.5-server-common - common files for firebird 2.5 servers
 firebird2.5-super - Firebird Super Server - an RDBMS based on InterBase 6.0 code
 firebird2.5-super-dbg - collected debug symbols for firebird2.5-super
 firebird2.5-superclassic - Firebird SuperClassic Server - an RDBMS based on InterBase 6.0 co
 libfbclient2 - Firebird client library
 libfbclient2-dbg - collected debug symbols for libfbclient2
 libfbembed2.5 - Firebird embedded client/server library
 libib-util - Firebird UDF support library
Closes: 693210 702736
Changes: 
 firebird2.5 (2.5.2~svn+54698.ds4-2) unstable; urgency=high
 .
   * High urgency for upload fixing security issues
 .
   * fix server crash when preparing an empty SQL statement with tracing enabled
     patch taken from upstream revision 54702. Closes: #693210 (CVE-2012-5529)
   * fix remote pre-authentication stack overflow in firebird server
     patch taken from upstream revision 57728. Closes: #702736 (CVE-2013-2429)
Checksums-Sha1: 
 312d4d81861226a039bae5d432d0679adb194dc6 3149 firebird2.5_2.5.2~svn+54698.ds4-2.dsc
 73191c0a5c9b83c60b5945f0e07174f4ea0eb212 135636 firebird2.5_2.5.2~svn+54698.ds4-2.debian.tar.gz
 ce5091ab4715ee2d285406b90b028bda71165e82 95774 firebird2.5-common_2.5.2~svn+54698.ds4-2_all.deb
 074553dfc6b5bf4d4feedc45b0e8e309309d2861 164394 firebird2.5-examples_2.5.2~svn+54698.ds4-2_all.deb
 84aa1118df6b13dd77415dc6c784754c86bca325 170910 firebird2.5-doc_2.5.2~svn+54698.ds4-2_all.deb
 3f54345d82498e3ca3cc6d6070b45ae2eab20552 636204 firebird2.5-common-doc_2.5.2~svn+54698.ds4-2_all.deb
 40da99c9db9ebf959876549c335f339c187ba086 2082140 firebird2.5-super_2.5.2~svn+54698.ds4-2_amd64.deb
 d4710056f8f53114d537e6a535e1c67170459573 33384 firebird2.5-classic_2.5.2~svn+54698.ds4-2_amd64.deb
 bd7ad081c17750a64cf29fb06b9651a37e684b1c 181364 firebird2.5-superclassic_2.5.2~svn+54698.ds4-2_amd64.deb
 6e14e8da14f7bc6c7c12b1c49465a274f372340e 272764 libfbclient2_2.5.2~svn+54698.ds4-2_amd64.deb
 f22b5b6ac652faa49ab283d083d6629d1e1b3754 1458846 libfbembed2.5_2.5.2~svn+54698.ds4-2_amd64.deb
 f5d2811a1560e63aa3c4fb132a9b575356e95d2c 3844 libib-util_2.5.2~svn+54698.ds4-2_amd64.deb
 046bfca0bb9174f0133117c0ca539dd2a291d5ac 528386 firebird2.5-server-common_2.5.2~svn+54698.ds4-2_amd64.deb
 fbbe13711bee55a049d8198504eb409ba58490e6 801076 firebird2.5-classic-common_2.5.2~svn+54698.ds4-2_amd64.deb
 d05495818f6cdda2a3b9b472f77dbf5637eff9cc 30942 firebird-dev_2.5.2~svn+54698.ds4-2_amd64.deb
 bf28aa2c28b742577d49246680fa0499983f3449 14960222 firebird2.5-super-dbg_2.5.2~svn+54698.ds4-2_amd64.deb
 f58e973f247e684f2fb4a8e3e096bcb422546f8e 15719484 firebird2.5-classic-dbg_2.5.2~svn+54698.ds4-2_amd64.deb
 6be5ae40fe6a7cfb378f3bed28f5bcfae88621b9 1173442 libfbclient2-dbg_2.5.2~svn+54698.ds4-2_amd64.deb
Checksums-Sha256: 
 10e0214238baf8b4a96a9771fd9861849686e40ec3e867299c7f55784a48e60f 3149 firebird2.5_2.5.2~svn+54698.ds4-2.dsc
 415bb8e68d3305c189128a8f4e4075d8f96e2532d034750ee0a1a18651d915ec 135636 firebird2.5_2.5.2~svn+54698.ds4-2.debian.tar.gz
 f770702b33b1547107c6660ef8ba12673ace0dde96588df776590d23492f6057 95774 firebird2.5-common_2.5.2~svn+54698.ds4-2_all.deb
 622aa7985f7284bca0a4ba2dfd6e1231733d1f61d6935b80e128cc9d051d75a2 164394 firebird2.5-examples_2.5.2~svn+54698.ds4-2_all.deb
 7b5f2dd6240d798d947b45951a58034fd03b903ffae0aaaf65bdf2a8cea63333 170910 firebird2.5-doc_2.5.2~svn+54698.ds4-2_all.deb
 c7ebd18ee0a9c88e3cd27d9528aaa64a2e4d459e2de8e2dc3dc7a69a9a66c4ab 636204 firebird2.5-common-doc_2.5.2~svn+54698.ds4-2_all.deb
 a3d1e7afe9e44cf6d347cde216103e0b0cbbbce7e315190563933107076f7c3c 2082140 firebird2.5-super_2.5.2~svn+54698.ds4-2_amd64.deb
 6bddfe158efc1530d7ee99f844f93a2ef4870d065acc275d2cf03db1a020a46e 33384 firebird2.5-classic_2.5.2~svn+54698.ds4-2_amd64.deb
 0d86a2900aa70433d0b82a1a6d93c4ca2bf7f44b3c95e6bc12c09e47978b458d 181364 firebird2.5-superclassic_2.5.2~svn+54698.ds4-2_amd64.deb
 6bccca79f1fa42d41b6601211d855605035d81b64b0671c093d2bd83f31c6682 272764 libfbclient2_2.5.2~svn+54698.ds4-2_amd64.deb
 ac115cc5103abf8fb8c721d28bd11c224373b39ac9c2297c78448688c5f29f4c 1458846 libfbembed2.5_2.5.2~svn+54698.ds4-2_amd64.deb
 ad6fcfd258116c6e08873f26215e85ea1eb877f840d6c47393b035ba59f39c2f 3844 libib-util_2.5.2~svn+54698.ds4-2_amd64.deb
 85fcb962e27bbfa97ff9f11aa49f2517fd7c7522dbca72ce4d0b6106f5f9d09c 528386 firebird2.5-server-common_2.5.2~svn+54698.ds4-2_amd64.deb
 e6c704a271ab2f5c1a66ade6eda73ff14d4ade972a89d9b40a3d3e7f23815728 801076 firebird2.5-classic-common_2.5.2~svn+54698.ds4-2_amd64.deb
 1587b2e3c2d8546f499f070121257c46285c5001933b42cfb85b180c55d49609 30942 firebird-dev_2.5.2~svn+54698.ds4-2_amd64.deb
 2c494d3d223af3e831d17d298a96d48e8f5517046e0473d24a709ba16b17c8c2 14960222 firebird2.5-super-dbg_2.5.2~svn+54698.ds4-2_amd64.deb
 88454fd8a25d5777096a696c862d337abda28501aec44c48aaa973cbd2565e1d 15719484 firebird2.5-classic-dbg_2.5.2~svn+54698.ds4-2_amd64.deb
 b0861f2a3983932b564bec2cbf75b421131fe01aa0b94a8f5b22706be538cb7e 1173442 libfbclient2-dbg_2.5.2~svn+54698.ds4-2_amd64.deb
Files: 
 68c8f66436d043d4730f32e8035cdf1b 3149 database optional firebird2.5_2.5.2~svn+54698.ds4-2.dsc
 6cc80cce74b66dea7ca453f0b1e41772 135636 database optional firebird2.5_2.5.2~svn+54698.ds4-2.debian.tar.gz
 4cbc4922c0f35ab567a67091aead031c 95774 database optional firebird2.5-common_2.5.2~svn+54698.ds4-2_all.deb
 63c10f6d245e459b13e190587144aa8a 164394 doc optional firebird2.5-examples_2.5.2~svn+54698.ds4-2_all.deb
 414beb0d565d8fe7bc66a2f2c0538ec0 170910 doc optional firebird2.5-doc_2.5.2~svn+54698.ds4-2_all.deb
 44db8c8ca5c679194ea590db7b5bbd9b 636204 doc optional firebird2.5-common-doc_2.5.2~svn+54698.ds4-2_all.deb
 5fa23d50c617ce8d9d37dbcd6d91f706 2082140 database optional firebird2.5-super_2.5.2~svn+54698.ds4-2_amd64.deb
 7f720abcaa7dc0876ff2051ac8ad6a19 33384 database optional firebird2.5-classic_2.5.2~svn+54698.ds4-2_amd64.deb
 ef7250689c3ed8e70b8192806d990119 181364 database optional firebird2.5-superclassic_2.5.2~svn+54698.ds4-2_amd64.deb
 b5903356b14a366b0160c2ef523e9f32 272764 libs optional libfbclient2_2.5.2~svn+54698.ds4-2_amd64.deb
 d8c55b13f3815a65486d1eb0b71b7891 1458846 libs optional libfbembed2.5_2.5.2~svn+54698.ds4-2_amd64.deb
 795cb9838ef98df4b662d7442804339c 3844 libs optional libib-util_2.5.2~svn+54698.ds4-2_amd64.deb
 c32c1d42762a85bfac525ed06ac91eec 528386 database optional firebird2.5-server-common_2.5.2~svn+54698.ds4-2_amd64.deb
 56c402ab696db47e39efa8da680de209 801076 database optional firebird2.5-classic-common_2.5.2~svn+54698.ds4-2_amd64.deb
 aa7cdf74d72bd30f57c8be48ee590a21 30942 libdevel optional firebird-dev_2.5.2~svn+54698.ds4-2_amd64.deb
 f1ec72dd68337ac225c97776c086f911 14960222 debug extra firebird2.5-super-dbg_2.5.2~svn+54698.ds4-2_amd64.deb
 5bf40c85596ec1935e38eb4a11bcc903 15719484 debug extra firebird2.5-classic-dbg_2.5.2~svn+54698.ds4-2_amd64.deb
 e99b9cbaf9297e3f42c6aaae7a6cf071 1173442 debug extra libfbclient2-dbg_2.5.2~svn+54698.ds4-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRRzPPAAoJENu+nU2Z0qAEELkP/RP+DQ2EUdMiqYDj925blHKi
yS+w/dCM14mnvBhz6Zm0jC0UyV/xNSTw1QYgh5sPw2HK2adLYfY2xMQZFeH1V7Ei
/Mgor9HAUH5qNxr1PGhss/7cQUYKk8+gK357BTYwGS/6+M+2phgtkBdD9ke7tdAm
Vx26JYkq7hPN9k5WirjPwPwywg+NYvVURzW9YPBusP1/J/wJMdzC/ejuDZvsWQVq
Mal12c3XS7YqLL4vLa0KJBkPwyVzeppEC9Zos4FX/qOoqqkVz6V/wlztLHh+EsdQ
B9J2G21deSqMF6j0ejE4GaqLqO+OWLMiWnhW/3x1w2xL7sg7/e/5xlHq8zuG8tgf
v0HJ+RB3G50Bx+Ci+5xa/+NaXzKis8oUQVPl6T1tKUvNs0AvQ84lrNob1ud+G/mj
cgXAfPUweStcxtlOfAomNpHNZQDqyiwaJA5eQ382cWisZ5ipuBT8LyDH7OqhB6hX
OnL4bWoGbLhQk832MQKgF7T7s6p5OfZD9Hiqfs3kwUCtxLXf+k1D1VGJ8eJbsrbJ
MpepWAJYLXHlpJ/lddRo8iXE5SLZ1+/GQ6PdiqlOGGWs7xWfICdHeSWPYj/k771k
NqhOTvb4zNFryWWheM6XizOKeTlHYTdQ2/9kKz8Tgx1s4XStcSugNZTXMZUk4K1+
3N6xMBlEXf7cbSrgMWK5
=9bVv
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.