Bug#1112039: marked as done (bookworm-pu: package firebird3.0/3.0.11.33637.ds4-2+deb12u1)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#1112039: marked as done (bookworm-pu: package firebird3.0/3.0.11.33637.ds4-2+deb12u1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 06 Sep 2025 11:18:16 +0000
Message-id: <[🔎] handler.1112039.D1112039.17571573203954411.ackdone@bugs.debian.org>
Reply-to: 1112039@bugs.debian.org
References: <ee4c0876608d99eb3f8b333b556fbd92e7a652eb.camel@adam-barratt.org.uk> <175613321052.4141371.11263763512582944227.reportbug@localhost>

Your message dated Sat, 06 Sep 2025 12:14:50 +0100
with message-id <ee4c0876608d99eb3f8b333b556fbd92e7a652eb.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 12.12
has caused the Debian Bug report #1112039,
regarding bookworm-pu: package firebird3.0/3.0.11.33637.ds4-2+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1112039: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112039
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bookworm-pu: package firebird3.0/3.0.11.33637.ds4-2+deb12u1
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 25 Aug 2025 17:46:50 +0300
Message-id: <175613321052.4141371.11263763512582944227.reportbug@localhost>

Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: firebird3.0@packages.debian.org
Control: affects -1 + src:firebird3.0
User: release.debian.org@packages.debian.org
Usertags: pu

  * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference
    (Closes: #1111321)

diffstat for firebird3.0-3.0.11.33637.ds4 firebird3.0-3.0.11.33637.ds4

 changelog                                                    |    8 +++
 patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch |   28 +++++++++++
 patches/series                                               |    1 
 3 files changed, 37 insertions(+)

diff -Nru firebird3.0-3.0.11.33637.ds4/debian/changelog firebird3.0-3.0.11.33637.ds4/debian/changelog
--- firebird3.0-3.0.11.33637.ds4/debian/changelog	2022-10-24 22:36:38.000000000 +0300
+++ firebird3.0-3.0.11.33637.ds4/debian/changelog	2025-08-25 12:20:39.000000000 +0300
@@ -1,3 +1,11 @@
+firebird3.0 (3.0.11.33637.ds4-2+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference
+    (Closes: #1111321)
+
+ -- Adrian Bunk <bunk@debian.org>  Mon, 25 Aug 2025 12:20:39 +0300
+
 firebird3.0 (3.0.11.33637.ds4-2) unstable; urgency=medium
 
   * fix arch-all-only build by overriding only dh_lintian-arch for libib-util
diff -Nru firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch
--- firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch	1970-01-01 02:00:00.000000000 +0200
+++ firebird3.0-3.0.11.33637.ds4/debian/patches/0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch	2025-08-25 12:19:54.000000000 +0300
@@ -0,0 +1,28 @@
+From f6d0e7ced133c7ed3cade0d98430ddfb71e43996 Mon Sep 17 00:00:00 2001
+From: AlexPeshkoff <alexander.peshkoff@gmail.com>
+Date: Mon, 5 May 2025 19:03:13 +0300
+Subject: Fix for GHSA-7qp6-hqxj-pjjp / ZDI-CAN-26486
+
+---
+ src/remote/protocol.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/remote/protocol.cpp b/src/remote/protocol.cpp
+index 6b1fc4ee34..95316cd041 100644
+--- a/src/remote/protocol.cpp
++++ b/src/remote/protocol.cpp
+@@ -1857,6 +1857,11 @@ static bool_t xdr_trrq_message( XDR* xdrs, USHORT msg_type)
+ 	rem_port* port = xdrs->x_public;
+ 	Rpr* procedure = port->port_rpr;
+ 
++	// normally that never happens
++	fb_assert(procedure);
++	if (!procedure)
++		return false;
++
+ 	if (msg_type == 1)
+ 		return xdr_message(xdrs, procedure->rpr_out_msg, procedure->rpr_out_format);
+ 
+-- 
+2.30.2
+
diff -Nru firebird3.0-3.0.11.33637.ds4/debian/patches/series firebird3.0-3.0.11.33637.ds4/debian/patches/series
--- firebird3.0-3.0.11.33637.ds4/debian/patches/series	2022-10-23 21:41:01.000000000 +0300
+++ firebird3.0-3.0.11.33637.ds4/debian/patches/series	2025-08-25 12:20:35.000000000 +0300
@@ -20,3 +20,4 @@
 deb/cve-2017-11509.patch
 out/hppa-mod_loader.patch
 out/hurd-maxpathlen.patch
+0001-Fix-for-GHSA-7qp6-hqxj-pjjp-ZDI-CAN-26486.patch

--- End Message ---

--- Begin Message ---

To: 1086622-done@bugs.debian.org, 1098225-done@bugs.debian.org, 1098229-done@bugs.debian.org, 1098783-done@bugs.debian.org, 1100607-done@bugs.debian.org, 1100960-done@bugs.debian.org, 1101144-done@bugs.debian.org, 1102091-done@bugs.debian.org, 1102675-done@bugs.debian.org, 1102752-done@bugs.debian.org, 1103926-done@bugs.debian.org, 1103927-done@bugs.debian.org, 1104028-done@bugs.debian.org, 1104154-done@bugs.debian.org, 1104821-done@bugs.debian.org, 1104874-done@bugs.debian.org, 1104882-done@bugs.debian.org, 1105009-done@bugs.debian.org, 1105113-done@bugs.debian.org, 1105816-done@bugs.debian.org, 1105888-done@bugs.debian.org, 1105957-done@bugs.debian.org, 1105971-done@bugs.debian.org, 1105996-done@bugs.debian.org, 1106300-done@bugs.debian.org, 1106328-done@bugs.debian.org, 1106348-done@bugs.debian.org, 1106536-done@bugs.debian.org, 1106721-done@bugs.debian.org, 1106756-done@bugs.debian.org, 1106761-done@bugs.debian.org, 1106867-done@bugs.debian.org, 1107069-done@bugs.debian.org, 1107116-done@bugs.debian.org, 1107147-done@bugs.debian.org, 1107217-done@bugs.debian.org, 1107252-done@bugs.debian.org, 1107253-done@bugs.debian.org, 1107568-done@bugs.debian.org, 1107852-done@bugs.debian.org, 1107902-done@bugs.debian.org, 1108122-done@bugs.debian.org, 1108127-done@bugs.debian.org, 1108137-done@bugs.debian.org, 1108185-done@bugs.debian.org, 1108308-done@bugs.debian.org, 1108353-done@bugs.debian.org, 1108504-done@bugs.debian.org, 1108508-done@bugs.debian.org, 1108543-done@bugs.debian.org, 1108548-done@bugs.debian.org, 1108921-done@bugs.debian.org, 1109012-done@bugs.debian.org, 1109034-done@bugs.debian.org, 1109084-done@bugs.debian.org, 1109087-done@bugs.debian.org, 1109095-done@bugs.debian.org, 1109127-done@bugs.debian.org, 1109147-done@bugs.debian.org, 1109207-done@bugs.debian.org, 1109545-done@bugs.debian.org, 1109611-done@bugs.debian.org, 1109763-done@bugs.debian.org, 1109819-done@bugs.debian.org, 1109943-done@bugs.debian.org, 1109945-done@bugs.debian.org, 1109947-done@bugs.debian.org, 1109995-done@bugs.debian.org, 1110034-done@bugs.debian.org, 1110080-done@bugs.debian.org, 1110114-done@bugs.debian.org, 1110340-done@bugs.debian.org, 1110489-done@bugs.debian.org, 1110643-done@bugs.debian.org, 1110686-done@bugs.debian.org, 1110813-done@bugs.debian.org, 1111034-done@bugs.debian.org, 1111076-done@bugs.debian.org, 1111426-done@bugs.debian.org, 1111486-done@bugs.debian.org, 1111600-done@bugs.debian.org, 1111607-done@bugs.debian.org, 1111653-done@bugs.debian.org, 1111666-done@bugs.debian.org, 1111835-done@bugs.debian.org, 1111859-done@bugs.debian.org, 1111924-done@bugs.debian.org, 1111959-done@bugs.debian.org, 1111966-done@bugs.debian.org, 1111969-done@bugs.debian.org, 1111987-done@bugs.debian.org, 1111989-done@bugs.debian.org, 1112039-done@bugs.debian.org, 1112053-done@bugs.debian.org, 1112070-done@bugs.debian.org, 1112074-done@bugs.debian.org, 1112124-done@bugs.debian.org, 1112129-done@bugs.debian.org, 1112141-done@bugs.debian.org, 1112195-done@bugs.debian.org, 1112239-done@bugs.debian.org, 1112252-done@bugs.debian.org, 1112340-done@bugs.debian.org, 1112347-done@bugs.debian.org, 1112368-done@bugs.debian.org, 1112449-done@bugs.debian.org, 1112459-done@bugs.debian.org, 1112467-done@bugs.debian.org, 1112542-done@bugs.debian.org

Subject: Closing p-u requests for fixes included in 12.12

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 06 Sep 2025 12:14:50 +0100

Message-id: <ee4c0876608d99eb3f8b333b556fbd92e7a652eb.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 12.12

Hi,

Each of the updates referenced by these requests was included in
today's 12.12 point release for bookworm.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#1112038: marked as done (trixie-pu: package firebird3.0/3.0.12.ds7-13+deb13u1)
Next by Date: Bug#1112053: marked as done (bookworm-pu: golang-github-gin-contrib-cors/1.4.0-1+deb12u1)
Previous by thread: Bug#1112038: marked as done (trixie-pu: package firebird3.0/3.0.12.ds7-13+deb13u1)
Next by thread: Bug#1112053: marked as done (bookworm-pu: golang-github-gin-contrib-cors/1.4.0-1+deb12u1)
Index(es):
- Date
- Thread