Dear release managers,

Please approve the upload of firebird2.0 2.0.4.13130-1.ds1-4+lenny1 to stable.

The current version there (2.0.4.13130-1.ds1-4) suffers from a remote security problem (CVE-2009-2620; debian bug #539477). The CVE is marked as minor in http://security-tracker.debian.org/tracker/CVE-2009-2620 and no DSA was issued.

The patch was taken from upstream CVS.

Attached are the interdiff, the patch that was added and the debdiff.

Thanks for your time.

-- 
dam
diff -u firebird2.0-2.0.4.13130-1.ds1/debian/changelog firebird2.0-2.0.4.13130-1.ds1/debian/changelog --- firebird2.0-2.0.4.13130-1.ds1/debian/changelog +++ firebird2.0-2.0.4.13130-1.ds1/debian/changelog @@ -1,3 +1,10 @@ +firebird2.0 (2.0.4.13130-1.ds1-4+lenny1) stable; urgency=high + + * add patch from upstream CVS fixing denial of service via a malformed + op_connect_request message (CVE-2009-2620). Closes: #539477 + + -- Damyan Ivanov <dmn@debian.org> Tue, 18 Aug 2009 18:16:00 +0300 + firebird2.0 (2.0.4.13130-1.ds1-4) unstable; urgency=low * Updated Swedish debconf translation by Martin Bagge. Closes: #491766 diff -u firebird2.0-2.0.4.13130-1.ds1/debian/patches/series firebird2.0-2.0.4.13130-1.ds1/debian/patches/series --- firebird2.0-2.0.4.13130-1.ds1/debian/patches/series +++ firebird2.0-2.0.4.13130-1.ds1/debian/patches/series @@ -22,0 +23 @@ +cvs_CVE-2009-2620_DOS.patch only in patch2: unchanged: --- firebird2.0-2.0.4.13130-1.ds1.orig/debian/patches/cvs_CVE-2009-2620_DOS.patch +++ firebird2.0-2.0.4.13130-1.ds1/debian/patches/cvs_CVE-2009-2620_DOS.patch 
@@ -0,0 +1,35 @@ +Author: Dmitry Yemanov +Description: fix possible DoS attack using the malformed packet sent into the + connection port +Upstream-Bug: http://tracker.firebirdsql.org/browse/CORE-2563 +Debian-Bug: 539477 +Upstream-VCS-Commit: http://firebird.cvs.sourceforge.net/viewvc/firebird/firebird2/src/remote/server.cpp?r1=1.126.2.16&r2=1.126.2.17&pathrev=B2_0_Release +--- a/src/remote/server.cpp ++++ b/src/remote/server.cpp +@@ -1013,6 +1013,13 @@ static void aux_request( rem_port* port, + port->port_status_vector = status_vector; + success(status_vector); + ++ RDB rdb = port->port_context; ++ if (bad_db(status_vector, rdb)) ++ { ++ port->send_response(send, 0, 0, status_vector); ++ return; ++ } ++ + // This buffer is used by INET and WNET transports + // to return the server identification string + UCHAR buffer[BUFFER_TINY]; +@@ -1020,12 +1027,6 @@ static void aux_request( rem_port* port, + send->p_resp.p_resp_data.cstr_address = buffer; + + rem_port* aux_port = port->request(send); +- RDB rdb = port->port_context; +- if (bad_db(status_vector, rdb)) +- { +- // who has any idea what else to do with such attempt +- return; +- } + + port->send_response(send, rdb->rdb_id, + send->p_resp.p_resp_data.cstr_length, status_vector);
Author: Dmitry Yemanov Description: fix possible DoS attack using the malformed packet sent into the connection port Upstream-Bug: http://tracker.firebirdsql.org/browse/CORE-2563 Debian-Bug: 539477 Upstream-VCS-Commit: http://firebird.cvs.sourceforge.net/viewvc/firebird/firebird2/src/remote/server.cpp?r1=1.126.2.16&r2=1.126.2.17&pathrev=B2_0_Release --- a/src/remote/server.cpp +++ b/src/remote/server.cpp @@ -1013,6 +1013,13 @@ static void aux_request( rem_port* port, port->port_status_vector = status_vector; success(status_vector); + RDB rdb = port->port_context; + if (bad_db(status_vector, rdb)) + { + port->send_response(send, 0, 0, status_vector); + return; + } + // This buffer is used by INET and WNET transports // to return the server identification string UCHAR buffer[BUFFER_TINY]; @@ -1020,12 +1027,6 @@ static void aux_request( rem_port* port, send->p_resp.p_resp_data.cstr_address = buffer; rem_port* aux_port = port->request(send); - RDB rdb = port->port_context; - if (bad_db(status_vector, rdb)) - { - // who has any idea what else to do with such attempt - return; - } port->send_response(send, rdb->rdb_id, send->p_resp.p_resp_data.cstr_length, status_vector);
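Review bot: The early-return block added in the first server.cpp hunk (the `bad_db(status_vector, rdb)` check placed ahead of the buffer declaration) has no comment saying why it must run before `port->request(send)`, and the only comment the old block carried is deleted in the following hunk. A short comment above `RDB rdb = port->port_context;` stating that an invalid database context is rejected, with an error response, before the auxiliary port is requested would keep a later refactor from moving the check back down. It would also be worth noting there that `send_response(send, 0, 0, status_vector)` passes 0 for the object id because `rdb` cannot be dereferenced on this path.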
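Review bot: In the second server.cpp hunk, once the old `bad_db` block is removed, `rem_port* aux_port = port->request(send);` is followed directly by `port->send_response(send, rdb->rdb_id, ...)`, and nothing in the visible context checks `aux_port`. If `port->request(send)` can fail, please confirm the failure is handled below the context shown, or add the check at this point, so that the error path is covered after the request as well as before it.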
File lists identical (after any substitutions) Control files of package firebird2.0-classic: lines which differ (wdiff format) ------------------------------------------------------------------------------- Depends: libc6 (>= 2.7-1), libeditline0, libfbembed2 (>= 2.0.4), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.1.1), firebird2.0-common (= [-2.0.4.13130-1.ds1-4),-] {+2.0.4.13130-1.ds1-4+lenny1),+} netbase, firebird2.0-server-common (= [-2.0.4.13130-1.ds1-4),-] {+2.0.4.13130-1.ds1-4+lenny1),+} openbsd-inetd | inet-superserver, debconf (>= 0.5) | debconf-2.0, debconf (>= 1.4.69) | cdebconf (>= 0.43) Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+} Control files of package firebird2.0-common: lines which differ (wdiff format) ------------------------------------------------------------------------------ Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+} Control files of package firebird2.0-dev: lines which differ (wdiff format) --------------------------------------------------------------------------- Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+} Control files of package firebird2.0-doc: lines which differ (wdiff format) --------------------------------------------------------------------------- Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+} Control files of package firebird2.0-examples: lines which differ (wdiff format) -------------------------------------------------------------------------------- Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+} Control files of package firebird2.0-server-common: lines which differ (wdiff format) ------------------------------------------------------------------------------------- Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+} Control files of package firebird2.0-super: lines which differ (wdiff format) ----------------------------------------------------------------------------- Depends: libc6 (>= 2.7-1), libeditline0, libfbclient2 (>= 
2.0.4), libgcc1 (>= 1:4.1.1), libicu38 (>= 3.8-5), libstdc++6 (>= 4.1.1), firebird2.0-common (= [-2.0.4.13130-1.ds1-4),-] {+2.0.4.13130-1.ds1-4+lenny1),+} firebird2.0-server-common (= [-2.0.4.13130-1.ds1-4),-] {+2.0.4.13130-1.ds1-4+lenny1),+} lsb-base, debconf (>= 0.5) | debconf-2.0, debconf (>= 1.4.69) | cdebconf (>= 0.43) Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+} Control files of package libfbclient2: lines which differ (wdiff format) ------------------------------------------------------------------------ Depends: libc6 (>= 2.7-1), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.1.1), firebird2.0-common (= [-2.0.4.13130-1.ds1-4)-] {+2.0.4.13130-1.ds1-4+lenny1)+} Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+} Control files of package libfbembed2: lines which differ (wdiff format) ----------------------------------------------------------------------- Depends: libc6 (>= 2.7-1), libgcc1 (>= 1:4.1.1), libicu38 (>= 3.8-5), libstdc++6 (>= 4.1.1), firebird2.0-common (= [-2.0.4.13130-1.ds1-4),-] {+2.0.4.13130-1.ds1-4+lenny1),+} firebird2.0-server-common (= [-2.0.4.13130-1.ds1-4)-] {+2.0.4.13130-1.ds1-4+lenny1)+} Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+}