Ubuntu
memcached package

  1. Bug #1255328
  2. Comment #7

Comment 7 for bug 1255328

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package memcached - 1.4.14-0ubuntu9

---------------
memcached (1.4.14-0ubuntu9) trusty; urgency=low

  * SECURITY UPDATE: denial of service via large body length
    - debian/patches/CVE-2011-4971.patch: check length in memcached.c,
      added test to t/issue_192.t.
    - CVE-2011-4971
  * SECURITY UPDATE: denial of service when using -vv
    - debian/patches/CVE-2013-0179.patch: properly format key in items.c,
      memcached.c.
    - CVE-2013-0179
  * SECURITY UPDATE: SASL authentication bypass
    - debian/patches/CVE-2013-7239.patch: explicitly record sasl auth
      states in memcached.*, added test to t/binary-sasl.t.
    - CVE-2013-7239
  * debian/memcached.postinst: don't create home directory so we don't end
    up with /nonexistent. Thanks to Dustin Lundquist for patch.
    (LP: #1255328)
 -- Marc Deslauriers <email address hidden> Mon, 13 Jan 2014 15:48:48 -0500