[pkg-firebird-general] Bug#444976: CVE-2007-2606: Multiple buffer overflows

Steffen Joeris steffen.joeris at skolelinux.de
Tue Oct 2 12:34:08 UTC 2007


Package: firebird2.0
Severity: important

Hi

There is another CVE[0] issued for firebird2.0.
I am not sure if that is covered by the new upstream release. Could
you maybe comment on that?

CVE-2007-2606:

Multiple buffer overflows in Firebird 2.1 allow attackers to trigger
memory corruption and possibly have other unspecified impact via certain
input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp.
NOTE: if ConfigFile.cpp reads a configuration file with restrictive
permissions, then the ConfigFile.cpp vector may not cross privilege
boundaries and perhaps should not be included in CVE. 
  
Thanks for your efforts

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2606