From http://www.openwall.com/lists/oss-security/2012/11/14/6 : a denial of service flaw was found in the way the TraceManager of Firebird, a SQL relational database management system, performed preparation of an empty dynamic SQL query. When the trace mode was enabled, a remote, authenticated database user could use this flaw to cause the Firebird server to crash with a NULL pointer dereference. References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210 [2] http://tracker.firebirdsql.org/browse/CORE-3884 [3] https://bugzilla.redhat.com/show_bug.cgi?id=876613 Relevant upstream patch: [4] http://firebird.svn.sourceforge.net/viewvc/firebird?pathrev=54702&revision=54702&view=revision
CVE-2012-5529 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5529): TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.
i just drop old affected version 2.5.1.x i mean. (It was acked by Patrick). So, closed as noglsa.