Debian-LTS has issued an advisory on February 29: https://www.debian.org/lts/security/2020/dla-2129 They mitigated it by disabling UDFs in the default configuration, as there is no actual fix. Our advisory will need to tell people to fix it in their own configs. Mageia 7 is also affected.
Status comment: (none) => UDFs need to be disabled by default to mitigate
Whiteboard: (none) => MGA7TOO
Assigning to Philippe as registered & active maintainer; CC Guillaume as a recent maintainer.
CC: (none) => guillomovitch
Assignee: bugsquad => makowski.mageia
CVE: https://nvd.nist.gov/vuln/detail/CVE-2017-6369
Upstream tracker: http://tracker.firebirdsql.org/browse/CORE-5474
Upstream commit: https://github.com/FirebirdSQL/firebird/commit/56e9a73c16803c3544076edb2d6c4ca25815e541
I think that Firebird 3.0.4 (mga7) and Firebird 3.0.7 (cauldron) are not affected.
See also: https://www.securityfocus.com/bid/97070
Resolution: (none) => FIXED
Status: NEW => RESOLVED
Agreed.
Resolution: FIXED => INVALID
*** Bug 29678 has been marked as a duplicate of this bug. ***