Date: Sun, 17 Aug 2003 13:01:14 +0200
From: Alexander Leidinger
To: audit@freebsd.org
Cc: ports@freebsd.org, chris@aims.com.au
Subject: SecFix for databases/firebird, please review
Message-Id: <20030817130114.2bfb3cf1.Alexander@Leidinger.net>
List-Id: FreeBSD Security Audit

Hi,

at
http://www.leidinger.net/FreeBSD/firebird-1.0.2-secfix.tar.bz2
I've some patches for the databases/firebird port (see
http://packetstormsecurity.nl/0305-exploits/dsr-adv001.txt
for the local stack overflow possibility).

As I want to commit it to the port before Kris decides to remove it because it has been marked FORBIDDEN for a long time, it would be nice if as many people as possible reviewed the patches.

Chris, it would be nice if you could at least convince the developers to review the patches too.

And please test the patches; I've just verified that firebird compiles on 5-current (it needs one additional patch (in #ifdef'ed out code) to compile with gcc 3.3).

Bye,
Alexander.

-- 
To boldly go where I surely don't belong.
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7