Debian bug fixed : CVE-2017-6369: authenticated remote execution in firebird 2.5 before version 3.0.2

We believe that the bug you reported is fixed in the latest version of
firebird3.0, which is due to be installed in the Debian FTP archive.

 * Apply commit 56e9a73c168 from upstream B3_0_Release branch
    fixing authenticated remote execution vulnerability (CVE-2017-6369,
    CORE-5474)
    Closes: #858644

Forwarded: http://tracker.firebirdsql.org/browse/CORE-5474

Authenticated Firebird users are allowed to declare UDFs (user-defined
functions). The default config allows using all entry points from the standard
UDF library, which is dynamically linked with libc, with its symbols
re-exported, including system().

Relevant upstream commits for 3.0:
https://github.com/FirebirdSQL/firebird/commit/8b2a9cb44bf6055e15f016d70a6842b8ada60375

Firebird 3.0 Revision 61479 uploaded to #ubuntu firebird3.0 ppa

Firebird 3.0 Revision 61479 was uploaded to Debian/experimental.

Now you can install on  Ubuntu 14.04 LTS  or latest release  15.04 (Vivid) from firebird3.0 ppa

Changes:
* Remove extra ‘;a=summary’ from the Vcs-Browser URL
* -server.postinst: s/LOGDIR/LOG_DIR/ spelling mistake (This solved an package install issue – basically it stopped the installation process)
* Imported Upstream subversion snapshot r61579
* fix populating -dev with include/firebird/* content

1 2 3 10