Bug 29678

Summary: firebird new security issue CVE-2017-11509
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: mageia, makowski.mageia
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: firebird-3.0.7.33374-1.mga8.src.rpm CVE:
Status comment: no fixes upstream, just mitigation

Description David Walser 2021-11-20 17:51:17 CET 
Debian-LTS has issued an advisory today (November 20):
https://www.debian.org/lts/security/2021/dla-2824

I'm not sure if Cauldron (firebird 4.0.x) is affected.
Nicolas Lécureuil 2021-11-22 22:06:30 CET

CC: (none) => mageia
Status comment: (none) => no fixes upstream, just mitigation

Comment 1 Philippe Makowski 2021-11-23 14:22:04 CET 
and for cauldron :
UDFs are deprecated in v.4. That means that UDFs can’t be used with default configuration (parameter “UdfAccess” set to “None”) and all sample UDF libraries (ib_udf, fbudf) are not distributed any more.

*** This bug has been marked as a duplicate of bug 26288 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
CC: (none) => makowski.mageia