NULL Pointer Denial of Service Vulnerability

Quantal fix

The attachment "lp1115902-quantal.debdiff" of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

Raring fix

I'm not a security team member, but for the 13.04 upload, I'll upload to "raring" (as opposed to raring-security) instead, as it's the current development release we should be able to just upload it there.

Do you think you could forward the patch to Debian too?

Daniel,

As in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210 they have already a patch. Don't really see why it is not applied.

Thanks for the quantal debdiff! I'm building packages now, and will likely release them today.

This bug was fixed in the package firebird2.5 - 2.5.2~svn+54698.ds4-1ubuntu1

---------------
firebird2.5 (2.5.2~svn+54698.ds4-1ubuntu1) raring; urgency=low

  * SECURITY UPDATE: Fix for NULL pointer Denial of Service in TraceManager
    (LP: #1115902)
    - debian/patches/CVE-2012-5529.patch: Handle empty query safely. Based on
      upstream patch.
    - CVE-2012-5529
 -- Christian Kuersteiner <email address hidden> Tue, 05 Feb 2013 15:18:31 +0700

Precise fix

Oneiric fix

This bug was fixed in the package firebird2.5 - 2.5.2~svn+54698.ds4-1ubuntu0.12.10.1

---------------
firebird2.5 (2.5.2~svn+54698.ds4-1ubuntu0.12.10.1) quantal-security; urgency=low

  * SECURITY UPDATE: Fix for NULL pointer Denial of Service in TraceManager
    (LP: #1115902)
    - debian/patches/CVE-2012-5529.patch: Handle empty query safely. Based on
      upstream patch.
    - CVE-2012-5529
 -- Christian Kuersteiner <email address hidden> Tue, 05 Feb 2013 11:51:04 +0700

ACK on the oneiric and precise debdiffs. Uploading now. Thanks!

This bug was fixed in the package firebird2.5 - 2.5.0.26074-0.ds4-5ubuntu0.1

---------------
firebird2.5 (2.5.0.26074-0.ds4-5ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Fix for NULL pointer Denial of Service in TraceManager
    (LP: #1115902)
    - debian/patches/CVE-2012-5529.patch: Handle empty query safely. Based on
      upstream patch.
    - CVE-2012-5529
 -- Christian Kuersteiner <email address hidden> Wed, 06 Feb 2013 11:25:54 +0700

This bug was fixed in the package firebird2.5 - 2.5.1.26351.ds4-2ubuntu0.1

---------------
firebird2.5 (2.5.1.26351.ds4-2ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: Fix for NULL pointer Denial of Service in TraceManager
    (LP: #1115902)
    - debian/patches/CVE-2012-5529.patch: Handle empty query safely. Based on
      upstream patch.
    - CVE-2012-5529
 -- Christian Kuersteiner <email address hidden> Wed, 06 Feb 2013 09:54:44 +0700