Ubuntu
firebird1.5 package

[firebird] [DSA-1529-1] Debian recommends upgrade to firebird2, support for firebird1.5 discontinued

Bug #210141 reported by disabled.user
254
Affects Status Importance Assigned to Milestone
firebird1.5 (Ubuntu)
Won't Fix
Undecided
Popa Adrian Marius
firebird2 (Ubuntu)
Won't Fix
Undecided
Popa Adrian Marius

Bug Description

References:
DSA-1529-1 (http://www.debian.org/security/2008/dsa-1529)

Quoting:
"Multiple security problems have been discovered in the Firebird database, which may lead to the execution of arbitrary code or denial of service.

This Debian security advisory is a bit unusual. While it's normally our strict policy to backport security bugfixes to older releases, this turned out to be infeasible for Firebird 1.5 due to large infrastructural changes necessary to fix these issues. As a consequence security support for Firebird 1.5 is hereby discontinued, leaving two options to administrators running a Firebird database:

1. Administrators running Firebird in a completely internal setup with trusted users could leave it unchanged.
2. Everyone else should upgrade to the firebird2.0 packages available at backports.org.

      Version 2.0.3.12981.ds1-6~bpo40+1 fixes all known issues.

Please refer to the general backports.org documentation to add the packages to your package management configuration.

These packages are backported to run with Debian stable. Since firebird2.0 is not a drop-in replacement for firebird2 (which is the source package name for the Firebird 1.5 packages) these updates are not released through security.debian.org. Potential future security problems affecting Debian stable will be released through backports.org as well.

Arrangements have been made to ensure that Firebird in the upcoming Debian 5.0 release will be supportable with regular backported security bugfixes again."

Revision history for this message
disabled.user (disabled.user-deactivatedaccount) wrote :

See also:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=362001
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432753
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444976
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441405
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460048
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463596

Revision history for this message
Popa Adrian Marius (mapopa) wrote :

i guess the sane way is to prepare an firebird2.0 for proposed or backports
then move it to main ? what is the strategy ?

Revision history for this message
Popa Adrian Marius (mapopa) wrote :

I will add 2.1 and 2.0 to backports

firebird 2.1 is already tested on all ubuntu suported versions just needs to included in backports
https://edge.launchpad.net/~mapopa/+archive

I will start the backports process

Changed in firebird1.5:
assignee: nobody → mapopa
status: New → In Progress
Changed in firebird2:
assignee: nobody → mapopa
status: New → In Progress
Popa Adrian Marius (mapopa)
Changed in firebird1.5:
status: In Progress → Fix Committed
Changed in firebird2:
status: In Progress → Fix Committed
Kees Cook (kees)
Changed in firebird2:
status: Fix Committed → Triaged
Changed in firebird1.5:
status: Fix Committed → Triaged
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. This bug was reported
against a release of Ubuntu which has reached EOL (End of Life) and
is therefore no longer supported. As a result, this bug is being marked
"Won't Fix". Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in firebird1.5 (Ubuntu):
status: Triaged → Won't Fix
Changed in firebird2 (Ubuntu):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.