Re: Bug#693210: server crash on prearing an empty query with tracing enabled

To: 693210@bugs.debian.org
Cc: debian-security@lists.debian.org
Subject: Re: Bug#693210: server crash on prearing an empty query with tracing enabled
From: Damyan Ivanov <dmn@debian.org>
Date: Wed, 14 Nov 2012 23:14:51 +0200
Message-id: <[🔎] 20121114211451.GA19168@ktnx.net>
In-reply-to: <20121114093502.22662.97367.reportbug@pc1.creditreform.bg>
References: <20121114093502.22662.97367.reportbug@pc1.creditreform.bg>

(adding -security to Cc)

-=| Damyan Ivanov, 14.11.2012 11:35:02 +0200 |=-
> Source: firebird2.5
> Version: 2.5.0
> Severity: important
> Tags: upstream fixed-upstream security
> Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> 
> With trace enabled, preparing an empty query crashes the server on line 91 of 
> /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is 
> NULL.
> 
> Tagged as 'security' since this is a remote crash, although it requires a valid 
> user/pass.

This issue has assigned CVE-2012-5529.

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Re: cpe ids and package names
Next by Date: CVE-2011-4815: Hashdos in ruby 1.8.7.302-2squeeze1 unfixed
Previous by thread: Re: cpe ids and package names
Next by thread: CVE-2011-4815: Hashdos in ruby 1.8.7.302-2squeeze1 unfixed
Index(es):
- Date
- Thread