New Firebird packages fix several vulnerabilities in debian
This Debian security advisory is a bit unusual. While it’s normally
our strict policy to backport security bugfixes to older releases, this
turned out to be infeasible for Firebird 1.5 due to large infrastructural
changes necessary to fix these issues. As a consequence security support
for Firebird 1.5 is hereby discontinued, leaving two options to
administrators running a Firebird database:
I. Administrators running Firebird in a completely internal setup with
trusted users could leave it unchanged.
II. Everyone else should upgrade to the firebird2.0 packages available at
http://www.backports.org/backports.org/pool/main/f/firebird2.0/
Version 2.0.3.12981.ds1-6~bpo40+1 fixes all known issues.
Please refer to the general backports.org documentation to add the
packages to your package management configuration:
http://www.backports.org/dokuwiki/doku.php?id=instructions
These packages are backported to run with Debian stable. Since
firebird2.0 is not a drop-in replacement for firebird2 (which
is the source package name for the Firebird 1.5 packages)
these updates are not released through security.debian.org.
Potential future security problems affecting Debian stable will be
released through backports.org as well.
Arrangements have been made to ensure that Firebird in the upcoming
Debian 5.0 release will be supportable with regular backported
security bugfixes again.