From ${URL} : Firebird 2.5.5 can be crashed remotely by authenticated clients by invoking gbak via the service manager using an invalid command line switch. This is harmless for the -classic flavour where the server process serves only that particular connection, but is at least a DoS for -super and -superclassic where the crashed process serves multiple connections.
Upstream issue: http://tracker.firebirdsql.org/browse/CORE-5068
CVE request: http://seclists.org/oss-sec/2016/q1/57
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Have you read this CVE at all? This looks to be once again 100% Windows-specific. I am also not seeing how this is a remote exploit, given gbak is a command line utility.
This also looks to be an issue that was introduced in a version of Firebird not even in tree, per CVE:
"Vlad Khorsun added a comment - 06/Jan/16 07:42 AM
The bug was introduced in build 26948 by my commit
Revision: 62434
Author: hvlad
Date: 27 October 2015 г. 13:20:18
Message: Backport feature CORE-1999 : TimeStamp in the every line output gbak.exe utility
It was sad typo when backporting"
Close as invalid as this version is not in portage. I have it in my overlay but I have already moved on to Firebird 3.0, which does not seem affected by this.
Package not in stable, no security tracking