
Bug#1112039: bookworm-pu: package firebird3.0/3.0.11.33637.ds4-2+deb12u1



Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: firebird3.0@packages.debian.org
Control: affects -1 + src:firebird3.0
User: release.debian.org@packages.debian.org
Usertags: pu

  * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference
    (Closes: #1111321)
diffstat for firebird3.0-3.0.11.33637.ds4 firebird3.0-3.0.11.33637.ds4

 changelog                                                    |    8 +++
 patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch |   28 +++++++++++
 patches/series                                               |    1 
 3 files changed, 37 insertions(+)

diff -Nru firebird3.0-3.0.11.33637.ds4/debian/changelog firebird3.0-3.0.11.33637.ds4/debian/changelog
--- firebird3.0-3.0.11.33637.ds4/debian/changelog	2022-10-24 22:36:38.000000000 +0300
+++ firebird3.0-3.0.11.33637.ds4/debian/changelog	2025-08-25 12:20:39.000000000 +0300
@@ -1,3 +1,11 @@
+firebird3.0 (3.0.11.33637.ds4-2+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference
+    (Closes: #1111321)
+
+ -- Adrian Bunk <bunk@debian.org>  Mon, 25 Aug 2025 12:20:39 +0300
+
 firebird3.0 (3.0.11.33637.ds4-2) unstable; urgency=medium
 
   * fix arch-all-only build by overriding only dh_lintian-arch for libib-util
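
Review bot: The new changelog bullet names CVE-2025-54989 but not the patch that carries the fix. Adding the advisory id GHSA-7qp6-hqxj-pjjp or the file name 0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch to the bullet would let a reader map the CVE to the change without opening debian/patches/series.
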
diff -Nru firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch
--- firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch	1970-01-01 02:00:00.000000000 +0200
+++ firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch	2025-08-25 12:19:54.000000000 +0300
@@ -0,0 +1,28 @@
+From f6d0e7ced133c7ed3cade0d98430ddfb71e43996 Mon Sep 17 00:00:00 2001
+From: AlexPeshkoff <alexander.peshkoff@gmail.com>
+Date: Mon, 5 May 2025 19:03:13 +0300
+Subject: Fix for GHSA-7qp6-hqxj-pjjp / ZDI-CAN-26486
+
+---
+ src/remote/protocol.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/remote/protocol.cpp b/src/remote/protocol.cpp
+index 6b1fc4ee34..95316cd041 100644
+--- a/src/remote/protocol.cpp
++++ b/src/remote/protocol.cpp
+@@ -1857,6 +1857,11 @@ static bool_t xdr_trrq_message( XDR* xdrs, USHORT msg_type)
+ 	rem_port* port = xdrs->x_public;
+ 	Rpr* procedure = port->port_rpr;
+ 
++	// normally that never happens
++	fb_assert(procedure);
++	if (!procedure)
++		return false;
++
+ 	if (msg_type == 1)
+ 		return xdr_message(xdrs, procedure->rpr_out_msg, procedure->rpr_out_format);
+ 
+-- 
+2.30.2
+
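
Review bot: In the xdr_trrq_message guard, fb_assert(procedure) sits in front of the "if (!procedure) return false;" check, so in any build where fb_assert is active a NULL port->port_rpr still stops the process at the assert and never reaches the clean return. Since the CVE title places this on the XDR message parsing path, please confirm the assert is compiled out in the Debian build or drop it, and replace the comment "normally that never happens" with one that says when port_rpr can be unset. The patch header also has only From/Date/Subject; an Origin line for upstream commit f6d0e7ced133c7ed3cade0d98430ddfb71e43996 and a Bug-Debian reference to #1111321 would help later tracking.
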
diff -Nru firebird3.0-3.0.11.33637.ds4/debian/patches/series firebird3.0-3.0.11.33637.ds4/debian/patches/series
--- firebird3.0-3.0.11.33637.ds4/debian/patches/series	2022-10-23 21:41:01.000000000 +0300
+++ firebird3.0-3.0.11.33637.ds4/debian/patches/series	2025-08-25 12:20:35.000000000 +0300
@@ -20,3 +20,4 @@
 deb/cve-2017-11509.patch
 out/hppa-mod_loader.patch
 out/hurd-maxpathlen.patch
+0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch
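
Review bot: The added series entry sits at the top level under its git format-patch name, while the neighbouring entries are grouped under deb/ and out/ and the earlier CVE fix is deb/cve-2017-11509.patch. If those prefixes are the package's convention, move this patch into the matching directory and name it after the CVE so the series stays consistent.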
