Summary: | dev-db/firebird: authenticated remote crash by gbak invocation | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | bear1650, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1297447 | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-01-14 09:47:24 UTC
Have you read this CVE at all? This looks to be once again 100% windows specific. I am also not seeing how this is a remote exploit. Given gbak is a command line utility. This also looks to be a issues that was introduce on a version of Firebird not even in tree, per CVE " Vlad Khorsun added a comment - 06/Jan/16 07:42 AM The bug was introduced in build 26948 by my commit Revision: 62434 Author: hvlad Date: 27 October 2015 г. 13:20:18 Message: Backport feature CORE-1999 : TimeStamp in the every line output gbak.exe utility It was sad typo when backporting " Close as invalid as this version is not in portage. I have it in my overlay but I have already moved onto Firebird 3.0 which does not seem effected by this. Package not in stable, no security tracking |