Bug#1112038: marked as done (trixie-pu: package firebird3.0/3.0.12.ds7-13+deb13u1)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#1112038: marked as done (trixie-pu: package firebird3.0/3.0.12.ds7-13+deb13u1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 06 Sep 2025 11:18:16 +0000
Message-id: <[🔎] handler.1112038.D1112038.17571573143953362.ackdone@bugs.debian.org>
Reply-to: 1112038@bugs.debian.org
References: <165032e5317517556dd7fd8cf24843112a3fb6ac.camel@adam-barratt.org.uk> <175613308649.4140225.9100800126782384754.reportbug@localhost>

Your message dated Sat, 06 Sep 2025 12:14:57 +0100
with message-id <165032e5317517556dd7fd8cf24843112a3fb6ac.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 13.1
has caused the Debian Bug report #1112038,
regarding trixie-pu: package firebird3.0/3.0.12.ds7-13+deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1112038: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112038
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: trixie-pu: package firebird3.0/3.0.12.ds7-13+deb13u1
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 25 Aug 2025 17:44:46 +0300
Message-id: <175613308649.4140225.9100800126782384754.reportbug@localhost>

Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: firebird3.0@packages.debian.org
Control: affects -1 + src:firebird3.0
User: release.debian.org@packages.debian.org
Usertags: pu

  * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference
    (Closes: #1111321)

diffstat for firebird3.0-3.0.12.ds7 firebird3.0-3.0.12.ds7

 changelog                                                    |    8 +++
 patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch |   28 +++++++++++
 patches/series                                               |    1 
 3 files changed, 37 insertions(+)

diff -Nru firebird3.0-3.0.12.ds7/debian/changelog firebird3.0-3.0.12.ds7/debian/changelog
--- firebird3.0-3.0.12.ds7/debian/changelog	2025-03-23 18:20:32.000000000 +0200
+++ firebird3.0-3.0.12.ds7/debian/changelog	2025-08-25 12:04:01.000000000 +0300
@@ -1,3 +1,11 @@
+firebird3.0 (3.0.12.ds7-13+deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference
+    (Closes: #1111321)
+
+ -- Adrian Bunk <bunk@debian.org>  Mon, 25 Aug 2025 12:04:01 +0300
+
 firebird3.0 (3.0.12.ds7-13) unstable; urgency=medium
 
   [ Carles Pina i Estany ]
diff -Nru firebird3.0-3.0.12.ds7/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch firebird3.0-3.0.12.ds7/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch
--- firebird3.0-3.0.12.ds7/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch	1970-01-01 02:00:00.000000000 +0200
+++ firebird3.0-3.0.12.ds7/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch	2025-08-25 12:03:31.000000000 +0300
@@ -0,0 +1,28 @@
+From 1ece01433e84376e0e32260c4237a9f5c4dbe274 Mon Sep 17 00:00:00 2001
+From: AlexPeshkoff <alexander.peshkoff@gmail.com>
+Date: Mon, 5 May 2025 19:03:13 +0300
+Subject: Fix for GHSA-7qp6-hqxj-pjjp / ZDI-CAN-26486
+
+---
+ src/remote/protocol.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/remote/protocol.cpp b/src/remote/protocol.cpp
+index cc8f492910..435c32c889 100644
+--- a/src/remote/protocol.cpp
++++ b/src/remote/protocol.cpp
+@@ -1857,6 +1857,11 @@ static bool_t xdr_trrq_message( XDR* xdrs, USHORT msg_type)
+ 	rem_port* port = xdrs->x_public;
+ 	Rpr* procedure = port->port_rpr;
+ 
++	// normally that never happens
++	fb_assert(procedure);
++	if (!procedure)
++		return false;
++
+ 	if (msg_type == 1)
+ 		return xdr_message(xdrs, procedure->rpr_out_msg, procedure->rpr_out_format);
+ 
+-- 
+2.30.2
+
diff -Nru firebird3.0-3.0.12.ds7/debian/patches/series firebird3.0-3.0.12.ds7/debian/patches/series
--- firebird3.0-3.0.12.ds7/debian/patches/series	2025-01-25 17:22:59.000000000 +0200
+++ firebird3.0-3.0.12.ds7/debian/patches/series	2025-08-25 12:03:59.000000000 +0300
@@ -30,3 +30,4 @@
 deb/cve-2017-11509.patch
 out/hppa-mod_loader.patch
 out/hurd-maxpathlen.patch
+0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch

--- End Message ---

--- Begin Message ---

To: 1109572-done@bugs.debian.org, 1110100-done@bugs.debian.org, 1110170-done@bugs.debian.org, 1110707-done@bugs.debian.org, 1110723-done@bugs.debian.org, 1110737-done@bugs.debian.org, 1110855-done@bugs.debian.org, 1110958-done@bugs.debian.org, 1110977-done@bugs.debian.org, 1111036-done@bugs.debian.org, 1111075-done@bugs.debian.org, 1111122-done@bugs.debian.org, 1111225-done@bugs.debian.org, 1111231-done@bugs.debian.org, 1111256-done@bugs.debian.org, 1111257-done@bugs.debian.org, 1111308-done@bugs.debian.org, 1111361-done@bugs.debian.org, 1111422-done@bugs.debian.org, 1111425-done@bugs.debian.org, 1111470-done@bugs.debian.org, 1111602-done@bugs.debian.org, 1111603-done@bugs.debian.org, 1111604-done@bugs.debian.org, 1111608-done@bugs.debian.org, 1111621-done@bugs.debian.org, 1111644-done@bugs.debian.org, 1111646-done@bugs.debian.org, 1111672-done@bugs.debian.org, 1111675-done@bugs.debian.org, 1111684-done@bugs.debian.org, 1111794-done@bugs.debian.org, 1111798-done@bugs.debian.org, 1111852-done@bugs.debian.org, 1111860-done@bugs.debian.org, 1111917-done@bugs.debian.org, 1111938-done@bugs.debian.org, 1111960-done@bugs.debian.org, 1111972-done@bugs.debian.org, 1111991-done@bugs.debian.org, 1112021-done@bugs.debian.org, 1112029-done@bugs.debian.org, 1112038-done@bugs.debian.org, 1112054-done@bugs.debian.org, 1112096-done@bugs.debian.org, 1112099-done@bugs.debian.org, 1112140-done@bugs.debian.org, 1112196-done@bugs.debian.org, 1112215-done@bugs.debian.org, 1112237-done@bugs.debian.org, 1112272-done@bugs.debian.org, 1112287-done@bugs.debian.org, 1112308-done@bugs.debian.org, 1112312-done@bugs.debian.org, 1112323-done@bugs.debian.org, 1112335-done@bugs.debian.org, 1112355-done@bugs.debian.org, 1112367-done@bugs.debian.org, 1112483-done@bugs.debian.org, 1112529-done@bugs.debian.org, 1112533-done@bugs.debian.org, 1112543-done@bugs.debian.org

Subject: Closing p-u requests for fixes included in 13.1

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 06 Sep 2025 12:14:57 +0100

Message-id: <165032e5317517556dd7fd8cf24843112a3fb6ac.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 13.1

Hi,

Each of the updates referenced by these requests was included in
today's 13.1 point release for trixie.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#1112029: marked as done (trixie-pu: package orphan-sysvinit-scripts/0.21+deb13u1)
Next by Date: Bug#1112039: marked as done (bookworm-pu: package firebird3.0/3.0.11.33637.ds4-2+deb12u1)
Previous by thread: Bug#1112029: marked as done (trixie-pu: package orphan-sysvinit-scripts/0.21+deb13u1)
Next by thread: Bug#1112039: marked as done (bookworm-pu: package firebird3.0/3.0.11.33637.ds4-2+deb12u1)
Index(es):
- Date
- Thread