Debian Bug report logs - #463596
firebird2.0: CVE-2008-0467 remote buffer overflow leading to arbitrary code execution


Package: firebird2.0; Maintainer for firebird2.0 is (unknown);

Reported by: Nico Golde <nion@debian.org>

Date: Fri, 1 Feb 2008 17:51:02 UTC

Severity: grave

Tags: patch, security

Fixed in version 2.0.3.12981.ds1-5

Done: Damyan Ivanov <dmn@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>:
Bug#463596; Package firebird2.0. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: firebird2.0: CVE-2008-0467 remote buffer overflow leading to arbitrary code execution
Date: Fri, 1 Feb 2008 18:47:37 +0100
[Message part 1 (text/plain, inline)]
Source: firebird2.0
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for firebird2.0.

CVE-2008-0467[0]:
| Buffer overflow in Firebird before 2.1.0 RC1 might allow remote
| attackers to execute arbitrary code via a long username.

You can find patches for this on:
http://tracker.firebirdsql.org/browse/CORE-1603?page=com.atlassian.jira.plugin.system.issuetabpanels:cvs-tabpanel

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0467

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>:
Bug#463596; Package firebird2.0. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 463596@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 463596@bugs.debian.org
Subject: intent to NMU
Date: Tue, 5 Feb 2008 17:40:47 +0100
[Message part 1 (text/plain, inline)]
Hi,
I intend to NMU this bug.
Attached is a patch that fixes this security issue.

It will also be archived on:
http://people.debian.org/~nion/nmu-diff/firebird2.0-2.0.3.12981.ds1-4_2.0.3.12981.ds1-4.1.patch

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[firebird2.0-2.0.3.12981.ds1-4_2.0.3.12981.ds1-4.1.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>:
Bug#463596; Package firebird2.0. Full text and rfc822 format available.

Acknowledgement sent to Damyan Ivanov <dmn@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #15 received at 463596@bugs.debian.org (full text, mbox):

From: Damyan Ivanov <dmn@debian.org>
To: Nico Golde <nion@debian.org>
Cc: 463596@bugs.debian.org
Subject: Re: [pkg-firebird-general] Bug#463596: intent to NMU
Date: Tue, 5 Feb 2008 20:43:42 +0200
[Message part 1 (text/plain, inline)]
Version: 2.0.3.12981.ds1-5

-=| Nico Golde, Tue, Feb 05, 2008 at 05:40:47PM +0100 |=-
> Hi,
> I intend to NMU this bug.
> Attached is a patch that fixes this security issue.
> 
> It will also be archived on:
> http://people.debian.org/~nion/nmu-diff/firebird2.0-2.0.3.12981.ds1-4_2.0.3.12981.ds1-4.1.patch

Thank you, Nico, for your efforts.

Unfortunately I already uploaded a fixed package several hours ago,
incidentally closing a wrong bug number :(

I hope you didn't lose too much time on this...
-- 
dam            JabberID: dam@jabber.minus273.org
[signature.asc (application/pgp-signature, inline)]

Reply sent to Damyan Ivanov <dmn@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>:
Bug#463596; Package firebird2.0. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #25 received at 463596@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 463596@bugs.debian.org
Subject: Re: Bug#463596 closed by Damyan Ivanov <dmn@debian.org> (Re: [pkg-firebird-general] Bug#463596: intent to NMU)
Date: Tue, 5 Feb 2008 21:24:23 +0100
[Message part 1 (text/plain, inline)]
Hi Debian,
* Debian Bug Tracking System <owner@bugs.debian.org> [2008-02-05 19:50]:
> > It will be also archived on:
> > http://people.debian.org/~nion/nmu-diff/firebird2.0-2.0.3.12981.ds1-4_2.0.3.12981.ds1-4.1.patch
> 
> Thank you, Nico, for your efforts.
> 
> Unfortunately I already uploaded a fixed package several hours ago,
> incidentally closing a wrong bug number :(
> 
> I hope you didn't lose too much time on this...

No problem, happens :)
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 09 Mar 2008 07:32:57 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 02:47:51 2014; Machine Name: beach.debian.org
