686150 – <dev-db/firebird-3.0.4.33054.0 version bump

Bug 686150 - <dev-db/firebird-3.0.4.33054.0 version bump

Summary: <dev-db/firebird-3.0.4.33054.0 version bump

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://www.firebirdsql.org/file/docu...
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2019-05-17 13:10 UTC by Jeroen Roovers (RETIRED)
Modified:	2019-08-16 19:56 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeroen Roovers (RETIRED) gentoo-dev

2019-05-17 13:10:07 UTC

Some development resources now point to Github[1], including release tarballs.



[1] https://github.com/FirebirdSQL/firebird

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2019-05-17 13:18:53 UTC

The [URL] appears to indicate a security vulnerability in versions prior to 3.0.4.

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2019-05-17 13:20:06 UTC

"Because of the way BLOBs are implemented in Firebird, it is possible for a knowledgeable user to gain unauthorised access to their contents by a brute force method without having the necessary privileges to access the table containing them. Some work was done to ameliorate this risk in databases accessed by Firebird 3.0.4 or higher."[1]


[1] https://www.firebirdsql.org/file/documentation/release_notes/html/en/3_0/rnfb30-general.html#rnfb30-general-v304

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2019-05-17 13:21:42 UTC

"If you are using the database encryption feature, or plan to do so, it is essential to upgrade to this sub-release. Refer to this report[1] for details."[2]


[1] https://www.firebirdsql.org/file/documentation/release_notes/html/en/3_0/bug-303.html#bug-303-core-crypt-vuln
[2] https://www.firebirdsql.org/file/documentation/release_notes/html/en/3_0/rnfb30-general-v303.html

Comment 4 Larry the Git Cow gentoo-dev

2019-08-08 16:52:54 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d44504813bb967b88a83a61b31b42ecfd421758

commit 4d44504813bb967b88a83a61b31b42ecfd421758
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2019-08-08 14:13:27 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2019-08-08 16:51:33 +0000

    dev-db/firebird: 3.0.4.33054.0 version bump
    
    Bug: https://bugs.gentoo.org/686150
    Package-Manager: Portage-2.3.71, Repoman-2.3.17
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-db/firebird/Manifest                      |   1 +
 dev-db/firebird/firebird-3.0.4.33054.0.ebuild | 230 ++++++++++++++++++++++++++
 2 files changed, 231 insertions(+)

Comment 5 Aaron Bauman (RETIRED) gentoo-dev

2019-08-15 21:12:27 UTC

@maintainer(s), please drop vulnerable.

Comment 6 Larry the Git Cow gentoo-dev

2019-08-16 08:24:51 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f1b7fab01208fea762ce9b179d2f55095c1381b

commit 2f1b7fab01208fea762ce9b179d2f55095c1381b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2019-08-16 07:40:15 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2019-08-16 08:24:20 +0000

    dev-db/firebird: Drop 3.0.2.32703.0-r2
    
    Bug: https://bugs.gentoo.org/686150
    Package-Manager: Portage-2.3.71, Repoman-2.3.17
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-db/firebird/Manifest                           |   1 -
 .../files/firebird-3.0.2.32703.0-gcc6.patch        |  19 --
 dev-db/firebird/firebird-3.0.2.32703.0-r2.ebuild   | 235 ---------------------
 3 files changed, 255 deletions(-)