From ${URL} : It was found that an unauthenticated remote attacker could send a malformed network packet to a firebird server, which would cause the server to crash. http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/ http://tracker.firebirdsql.org/browse/CORE-4630 http://sourceforge.net/p/firebird/code/60331/ @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
+*firebird-2.5.3.26780.0 (11 Dec 2014) + + 11 Dec 2014; Pacho Ramos <pacho@gentoo.org> +firebird-2.5.3.26780.0.ebuild, + -files/70firebird, -files/firebird-2.5.0.26074.0-Makefile.in.static.createdb, + -files/firebird-update-valgrind.patch, -files/firebird.conf.d, + -files/firebird.conf.d.2, -files/firebird.init.d, -files/firebird.xinetd.2, + -files/xinetd.2, -firebird-2.5.2.26540.0.ebuild: + Fix security bug 532124 + All should be done with this
CVE-2014-9323 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9323): The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
Closing as noglsa per our policy