diff -Nru libmemcached-1.0.18/debian/changelog libmemcached-1.0.18/debian/changelog --- libmemcached-1.0.18/debian/changelog 2017-10-11 08:19:11.000000000 +0100 +++ libmemcached-1.0.18/debian/changelog 2019-01-17 15:33:09.000000000 +0000 @@ -1,3 +1,10 @@ +libmemcached (1.0.18-4.2ubuntu1) disco; urgency=medium + + * Fix missing null termination in PROTOCOL_BINARY_CMD_SASL_LIST_MECHS + response handling (Closes: #1573594) + + -- Ioanna Alifieraki Thu, 17 Jan 2019 15:33:09 +0000 + libmemcached (1.0.18-4.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru libmemcached-1.0.18/debian/patches/fix_missing_null_termination libmemcached-1.0.18/debian/patches/fix_missing_null_termination --- libmemcached-1.0.18/debian/patches/fix_missing_null_termination 1970-01-01 01:00:00.000000000 +0100 +++ libmemcached-1.0.18/debian/patches/fix_missing_null_termination 2019-01-17 15:32:27.000000000 +0000 @@ -0,0 +1,16 @@ +Description: Fix missing null termination in PROTOCOL_BINARY_CMD_SASL_LIST_MECHS respond handling + * Fix missing null terminated buffer. Closes: #853497. +Author: Ioanna Alifieraki +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libmemcached/+bug/1573594 +Last-Update: 2019-01-17 + +--- libmemcached-1.0.18.orig/libmemcached/sasl.cc ++++ libmemcached-1.0.18/libmemcached/sasl.cc +@@ -171,6 +171,7 @@ memcached_return_t memcached_sasl_authen + memcached_server_response_increment(server); + + char mech[MEMCACHED_MAX_BUFFER]; ++ memset(mech, 0, MEMCACHED_MAX_BUFFER); + memcached_return_t rc= memcached_response(server, mech, sizeof(mech), NULL); + if (memcached_failed(rc)) + { diff -Nru libmemcached-1.0.18/debian/patches/series libmemcached-1.0.18/debian/patches/series --- libmemcached-1.0.18/debian/patches/series 2017-10-11 08:19:11.000000000 +0100 +++ libmemcached-1.0.18/debian/patches/series 2019-01-17 15:22:51.000000000 +0000 @@ -5,3 +5,4 @@ move-ax_confix_aux_dir.patch no-docs-no-man.diff fix-gcc7-build.diff +fix_missing_null_termination