Debian bug fixed: CVE-2017-6369: authenticated remote execution in firebird 2.5 before version 3.0.2
We believe that the bug you reported is fixed in the latest version of
firebird3.0, which is due to be installed in the Debian FTP archive.
* Apply commit 56e9a73c168 from upstream B3_0_Release branch fixing authenticated remote execution vulnerability (CVE-2017-6369, CORE-5474) Closes: #858644
Authenticated Firebird users are allowed to declare UDFs (user-defined
functions). The default config allows using all entry points from the standard
UDF library, which is dynamically linked with libc, with its symbols
re-exported, including system().
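The check below is an added example, not code from the Debian package or the Firebird project: it audits a firebird.conf for the UDF loading policy described above. It assumes the policy is set through the `UdfAccess` parameter (values `None`, `Restrict <dirs>`, `Full`), which this page does not name; the sample config fragments and function names are constructed.

```python
import re

# Constructed firebird.conf fragments for illustration (not from a real host).
SAMPLE_DEFAULTED = "#UdfAccess = Restrict UDF\nRemoteServicePort = 3050\n"
SAMPLE_RESTRICT = "UdfAccess = Restrict UDF  # standard UDF directory\n"
SAMPLE_HARDENED = "udfaccess = None\n"
SAMPLE_MIXED = "UdfAccess = None\nUdfAccess = Full\n"

# Assumption: the parameter is written "UdfAccess = <value>", key case-insensitive.
_SETTING = re.compile(r"^\s*UdfAccess\s*=\s*(.*?)\s*$", re.IGNORECASE)


def udf_access_values(conf_text):
    """Return every active (uncommented) UdfAccess value, in file order."""
    values = []
    for raw in conf_text.splitlines():
        active = raw.split("#", 1)[0]  # drop full-line and trailing comments
        match = _SETTING.match(active)
        if match:
            values.append(match.group(1))
    return values


def audit_udf_access(conf_text):
    """Classify the UDF loading policy of one firebird.conf.

    'built-in-default': no active setting, so the server's compiled-in default
                        decides; check the package version against the fix.
    'udf-enabled':      some active setting permits loading UDF libraries
                        (Restrict still exposes the standard UDF library).
    'udf-disabled':     every active setting is None.
    """
    values = udf_access_values(conf_text)
    if not values:
        return "built-in-default"
    if any(v.lower() != "none" for v in values):
        return "udf-enabled"
    return "udf-disabled"


if __name__ == "__main__":
    for name in ("SAMPLE_DEFAULTED", "SAMPLE_RESTRICT", "SAMPLE_HARDENED", "SAMPLE_MIXED"):
        print(name, "->", audit_udf_access(globals()[name]))
```

A `built-in-default` or `udf-enabled` result on a package that predates the fixed upload is the configuration this advisory describes.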
Relevant upstream commits for 3.0:
What’s new with Pi 3? Onboard WiFi/Bluetooth, a new 64-bit quad-core processor, and 50% more processing power.
The new Pi can give a boost if you use it with Firebird server.
Firebird 2.5.5 packages are uploaded to Debian unstable (Sid) repository
This version will make the build reproducible.
The reproducible builds initiative aims to enable anyone to reproduce bit-by-bit identical binary packages from a given source, thus enabling anyone to independently verify that a binary matches the source code from which it is said to be derived. For example, this allows users of Debian to rebuild packages and obtain packages exactly identical to the ones provided by the Debian repositories.
The prune tool sets the creation stamp in the database header to a fixed value (taken from the last changelog stanza) and prunes unused space on index/data pages of shipped databases.
Firebird 3.0 Revision 61579 uploaded into Debian experimental with a few
* Remove extra ‘;a=summary’ from the Vcs-Browser URL
* -server.postinst: s/LOGDIR/LOG_DIR/ spelling mistake
* Imported Upstream subversion snapshot r61579
* fix populating -dev with include/firebird/* content
Here you can check Firebird 3.0 Debian package progress
Damyan added quite a few changes compared with the version from 3 years ago.
Firebird 2.5.3 is updated in Debian unstable with minor security fixes.
Here is the changelog:
* add patch tightening fb_guard lock file permissions (Closes: #767497) Thanks to Holger Levsen
* -super.postinst: tighten permissions on existing fbguard lock file
* declare conformance with Debian Policy 3.9.6
An important Debian security fix is uploaded to sid: http://packages.qa.debian.org/f/firebird2.5/news/20130318T154817Z.html
You can check the security status of the Firebird 2.5/2.1 packages for this bug, CVE-2013-2492, on this page