Re: Wheezy update of firebird2.5?

To: Antoine Beaupré <anarcat@orangeseeds.org>
Cc: Chris Lamb <lamby@debian.org>, debian-lts@lists.debian.org
Subject: Re: Wheezy update of firebird2.5?
From: Damyan Ivanov <dmn@debian.org>
Date: Tue, 17 Apr 2018 18:03:17 +0000
Message-id: <[🔎] 20180417180316.gfys3fwpryc54i3r@fbd7c150-3361-11e8-8c11-5badabdd4a8d>
In-reply-to: <[🔎] 874lk9wyz5.fsf@curie.anarc.at>
References: <[🔎] 1522827592.3097078.1325922792.355BC213@webmail.messagingengine.com> <[🔎] 20180404195414.dlrwh5lofi4xroba@fbd7c150-3361-11e8-8c11-5badabdd4a8d> <[🔎] 874lk9wyz5.fsf@curie.anarc.at>

-=| Antoine Beaupré, 17.04.2018 12:59:26 -0400 |=-
> I don't quite know where to go from here. I was somewhat hoping that
> Wheezy would be magically not vulnerable to this issue, but obviously,
> there's something wrong here that should probably be fixed.

The only fix upstream has is to disable UDFs in firebird.conf -- 
https://salsa.debian.org/firebird-team/firebird3.0/blob/master/debian/patches/deb/cve-2017-11509.patch 
(probebly needs adaptation for firebird2.5, but you get the idea).


-- dam

Reply to:

References:
- Wheezy update of firebird2.5?
  - From: Chris Lamb <lamby@debian.org>
- Re: Wheezy update of firebird2.5?
  - From: Damyan Ivanov <dmn@debian.org>
- Re: Wheezy update of firebird2.5?
  - From: Antoine Beaupré <anarcat@orangeseeds.org>

Prev by Date: Re: Wheezy update of firebird2.5?
Next by Date: Re: calibre / CVE-2018-7889
Previous by thread: Re: Wheezy update of firebird2.5?
Next by thread: ldap-account-manager
Index(es):
- Date
- Thread