Dear release managers,

Please approve the upload of firebird2.0 2.0.4.13130-1.ds1-4+lenny1 to stable.

The current version there (2.0.4.13130-1.ds1-4) suffers from a remote security problem (CVE-2009-2620; debian bug #539477). The CVE is marked as minor in http://security-tracker.debian.org/tracker/CVE-2009-2620 and no DSA was issued.

The patch was taken from upstream CVS.

Attached are the interdiff, the patch that was added and the debdiff.

Thanks for your time.

-- 
dam

diff -u firebird2.0-2.0.4.13130-1.ds1/debian/changelog firebird2.0-2.0.4.13130-1.ds1/debian/changelog
--- firebird2.0-2.0.4.13130-1.ds1/debian/changelog
+++ firebird2.0-2.0.4.13130-1.ds1/debian/changelog
@@ -1,3 +1,10 @@
+firebird2.0 (2.0.4.13130-1.ds1-4+lenny1) stable; urgency=high
+
+ * add patch from upstream CVS fixing denial of service via a malformed
+ op_connect_request message (CVE-2009-2620). Closes: #539477
+
+ -- Damyan Ivanov <dmn@debian.org> Tue, 18 Aug 2009 18:16:00 +0300
+
firebird2.0 (2.0.4.13130-1.ds1-4) unstable; urgency=low
* Updated Swedish debconf translation by Martin Bagge. Closes: #491766
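Review bot: the new changelog entry cites the CVE and #539477 but does not name the file it adds, cvs_CVE-2009-2620_DOS.patch. Naming the patch file in the entry would let someone reading only the changelog locate the change under debian/patches without opening the series diff.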
diff -u firebird2.0-2.0.4.13130-1.ds1/debian/patches/series firebird2.0-2.0.4.13130-1.ds1/debian/patches/series
--- firebird2.0-2.0.4.13130-1.ds1/debian/patches/series
+++ firebird2.0-2.0.4.13130-1.ds1/debian/patches/series
@@ -22,0 +23 @@
+cvs_CVE-2009-2620_DOS.patch
only in patch2:
unchanged:
--- firebird2.0-2.0.4.13130-1.ds1.orig/debian/patches/cvs_CVE-2009-2620_DOS.patch
+++ firebird2.0-2.0.4.13130-1.ds1/debian/patches/cvs_CVE-2009-2620_DOS.patch
@@ -0,0 +1,35 @@
+Author: Dmitry Yemanov
+Description: fix possible DoS attack using the malformed packet sent into the
+ connection port
+Upstream-Bug: http://tracker.firebirdsql.org/browse/CORE-2563
+Debian-Bug: 539477
+Upstream-VCS-Commit: http://firebird.cvs.sourceforge.net/viewvc/firebird/firebird2/src/remote/server.cpp?r1=1.126.2.16&r2=1.126.2.17&pathrev=B2_0_Release
+--- a/src/remote/server.cpp
++++ b/src/remote/server.cpp
+@@ -1013,6 +1013,13 @@ static void aux_request( rem_port* port,
+ port->port_status_vector = status_vector;
+ success(status_vector);
+
++ RDB rdb = port->port_context;
++ if (bad_db(status_vector, rdb))
++ {
++ port->send_response(send, 0, 0, status_vector);
++ return;
++ }
++
+ // This buffer is used by INET and WNET transports
+ // to return the server identification string
+ UCHAR buffer[BUFFER_TINY];
+@@ -1020,12 +1027,6 @@ static void aux_request( rem_port* port,
+ send->p_resp.p_resp_data.cstr_address = buffer;
+
+ rem_port* aux_port = port->request(send);
+- RDB rdb = port->port_context;
+- if (bad_db(status_vector, rdb))
+- {
+- // who has any idea what else to do with such attempt
+- return;
+- }
+
+ port->send_response(send, rdb->rdb_id,
+ send->p_resp.p_resp_data.cstr_length, status_vector);
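Review bot: the Description header of the new patch file says only that it fixes a possible DoS from a malformed packet; it does not say what the code change is. One more sentence stating that the bad_db check on port->port_context now runs before port->request(send), and that a failed check now sends an error response instead of returning silently, would make the patch reviewable from its header alone.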
Author: Dmitry Yemanov
Description: fix possible DoS attack using the malformed packet sent into the
connection port
Upstream-Bug: http://tracker.firebirdsql.org/browse/CORE-2563
Debian-Bug: 539477
Upstream-VCS-Commit: http://firebird.cvs.sourceforge.net/viewvc/firebird/firebird2/src/remote/server.cpp?r1=1.126.2.16&r2=1.126.2.17&pathrev=B2_0_Release
--- a/src/remote/server.cpp
+++ b/src/remote/server.cpp
@@ -1013,6 +1013,13 @@ static void aux_request( rem_port* port,
port->port_status_vector = status_vector;
success(status_vector);
+ RDB rdb = port->port_context;
+ if (bad_db(status_vector, rdb))
+ {
+ port->send_response(send, 0, 0, status_vector);
+ return;
+ }
+
// This buffer is used by INET and WNET transports
// to return the server identification string
UCHAR buffer[BUFFER_TINY];
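Review bot: the early-exit path added at the top of this hunk calls port->send_response(send, 0, 0, status_vector) before buffer is declared and before send->p_resp.p_resp_data.cstr_address is assigned (that assignment appears as context in the next hunk). The length argument is 0, so this is probably harmless, but please confirm that send_response does not read cstr_address when the length is 0. A short comment above the check saying why it has to precede port->request(send) would also stand in for the comment that the next hunk removes.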
@@ -1020,12 +1027,6 @@ static void aux_request( rem_port* port,
send->p_resp.p_resp_data.cstr_address = buffer;
rem_port* aux_port = port->request(send);
- RDB rdb = port->port_context;
- if (bad_db(status_vector, rdb))
- {
- // who has any idea what else to do with such attempt
- return;
- }
port->send_response(send, rdb->rdb_id,
send->p_resp.p_resp_data.cstr_length, status_vector);
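Review bot: with the bad_db block removed, rem_port* aux_port = port->request(send) is followed directly by port->send_response(send, rdb->rdb_id, ...) in these lines, with no check of aux_port in between. If the rest of aux_request does not already handle a failed request(), that case deserves a check here; otherwise a one-line comment saying where it is handled would help the next reader.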
File lists identical (after any substitutions)
Control files of package firebird2.0-classic: lines which differ (wdiff format)
-------------------------------------------------------------------------------
Depends: libc6 (>= 2.7-1), libeditline0, libfbembed2 (>= 2.0.4), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.1.1), firebird2.0-common (= [-2.0.4.13130-1.ds1-4),-] {+2.0.4.13130-1.ds1-4+lenny1),+} netbase, firebird2.0-server-common (= [-2.0.4.13130-1.ds1-4),-] {+2.0.4.13130-1.ds1-4+lenny1),+} openbsd-inetd | inet-superserver, debconf (>= 0.5) | debconf-2.0, debconf (>= 1.4.69) | cdebconf (>= 0.43)
Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+}
Control files of package firebird2.0-common: lines which differ (wdiff format)
------------------------------------------------------------------------------
Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+}
Control files of package firebird2.0-dev: lines which differ (wdiff format)
---------------------------------------------------------------------------
Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+}
Control files of package firebird2.0-doc: lines which differ (wdiff format)
---------------------------------------------------------------------------
Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+}
Control files of package firebird2.0-examples: lines which differ (wdiff format)
--------------------------------------------------------------------------------
Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+}
Control files of package firebird2.0-server-common: lines which differ (wdiff format)
-------------------------------------------------------------------------------------
Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+}
Control files of package firebird2.0-super: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Depends: libc6 (>= 2.7-1), libeditline0, libfbclient2 (>= 2.0.4), libgcc1 (>= 1:4.1.1), libicu38 (>= 3.8-5), libstdc++6 (>= 4.1.1), firebird2.0-common (= [-2.0.4.13130-1.ds1-4),-] {+2.0.4.13130-1.ds1-4+lenny1),+} firebird2.0-server-common (= [-2.0.4.13130-1.ds1-4),-] {+2.0.4.13130-1.ds1-4+lenny1),+} lsb-base, debconf (>= 0.5) | debconf-2.0, debconf (>= 1.4.69) | cdebconf (>= 0.43)
Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+}
Control files of package libfbclient2: lines which differ (wdiff format)
------------------------------------------------------------------------
Depends: libc6 (>= 2.7-1), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.1.1), firebird2.0-common (= [-2.0.4.13130-1.ds1-4)-] {+2.0.4.13130-1.ds1-4+lenny1)+}
Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+}
Control files of package libfbembed2: lines which differ (wdiff format)
-----------------------------------------------------------------------
Depends: libc6 (>= 2.7-1), libgcc1 (>= 1:4.1.1), libicu38 (>= 3.8-5), libstdc++6 (>= 4.1.1), firebird2.0-common (= [-2.0.4.13130-1.ds1-4),-] {+2.0.4.13130-1.ds1-4+lenny1),+} firebird2.0-server-common (= [-2.0.4.13130-1.ds1-4)-] {+2.0.4.13130-1.ds1-4+lenny1)+}
Version: [-2.0.4.13130-1.ds1-4-] {+2.0.4.13130-1.ds1-4+lenny1+}