One more reason to upgrade to Firebird 2.5.2 : CVE-2012-5529

News via oss-sec and [pkg-firebird-general] mailing list
A denial of service flaw was found in the way the TraceManager of
Firebird, performed preparation of an empty dynamic SQL query. When the trace mode was
enabled, a remote, authenticated database user could use this flaw
to cause the Firebird server to crash with a NULL pointer dereference.

References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210
[2] http://tracker.firebirdsql.org/browse/CORE-3884
[3] https://bugzilla.redhat.com/show_bug.cgi?id=876613

Relevant upstream patch: [4]
http://firebird.svn.sourceforge.net/viewvc/firebird?pathrev=54702&revision=54702&view=revision

Firebird 2.5.2 Debian and Ubuntu status

The packaging is ready and anybody wanting to build the package can
find the sources in the Git repository[1]. Since Debian is in a freeze
preparing to its next release, I asked the release team for a freeze
exception[2]. It would be great to have the final release in
Debian/wheezy.

[1] http://git.debian.org/?p=pkg-firebird/2.5.git;a=summary
[2] http://bugs.debian.org/693216

sudo su
apt-get git-core devscripts
apt-get build-dep firebird2.5
git clone http://anonscm.debian.org/git/pkg-firebird/2.5.git
cd 2.5
git-buildpackage

Ignore the last error debsign: gpg error occurred! Aborting (it only for Debian maintainers who sign the package like Damyan)

all the packages will be in ../

you can install for example firebird super classic this way

cd ../
sudo dpkg -i firebird2.5-superclassic* firebird2.5-common* firebird2.5-server-common* firebird2.5-classic-common*

ps: the above instructions were tested on Ubuntu 12.10 , Stable Firebird ppa is updated for all Ubuntu Releases

1 93 94 95 96 97 294