* SECURITY UPDATE: denial of service via large body length
- debian/patches/CVE-2011-4971.patch: check length in memcached.c,
added test to t/issue_192.t.
- CVE-2011-4971
* SECURITY UPDATE: denial of service when using -vv
- debian/patches/CVE-2013-0179.patch: properly format key in items.c,
memcached.c.
- CVE-2013-0179
* SECURITY UPDATE: SASL authentication bypass
- debian/patches/CVE-2013-7239.patch: explicitly record sasl auth
states in memcached.*, added test to t/binary-sasl.t.
- CVE-2013-7239
* debian/memcached.postinst: don't create home directory so we don't end
up with /nonexistent. Thanks to Dustin Lundquist for patch.
(LP: #1255328)
-- Marc Deslauriers <email address hidden> Mon, 13 Jan 2014 15:48:48 -0500
This bug was fixed in the package memcached - 1.4.14-0ubuntu9
---------------
memcached (1.4.14-0ubuntu9) trusty; urgency=low
* SECURITY UPDATE: denial of service via large body length patches/ CVE-2011- 4971.patch: check length in memcached.c, patches/ CVE-2013- 0179.patch: properly format key in items.c, patches/ CVE-2013- 7239.patch: explicitly record sasl auth memcached. postinst: don't create home directory so we don't end
- debian/
added test to t/issue_192.t.
- CVE-2011-4971
* SECURITY UPDATE: denial of service when using -vv
- debian/
memcached.c.
- CVE-2013-0179
* SECURITY UPDATE: SASL authentication bypass
- debian/
states in memcached.*, added test to t/binary-sasl.t.
- CVE-2013-7239
* debian/
up with /nonexistent. Thanks to Dustin Lundquist for patch.
(LP: #1255328)
-- Marc Deslauriers <email address hidden> Mon, 13 Jan 2014 15:48:48 -0500