Change log for memcached package in Ubuntu

memcached (1.6.24-1build3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- William Grant <email address hidden>  Mon, 01 Apr 2024 17:55:32 +1100

Available diffs

• diff from 1.6.24-1build1 to 1.6.24-1build3 (361 bytes)
• diff from 1.6.24-1build2 to 1.6.24-1build3 (317 bytes)

memcached (1.6.26-1) unstable; urgency=medium

  * New upstream release.

 -- Chris Lamb <email address hidden>  Sat, 30 Mar 2024 09:10:43 +0000

Available diffs

• diff from 1.6.24-1build3 (in Ubuntu) to 1.6.26-1 (36.0 KiB)

memcached (1.6.24-1build2) noble; urgency=medium

  * No-change rebuild against libevent-2.1-7t64

 -- Simon Chopin <email address hidden>  Fri, 29 Mar 2024 17:27:13 +0100

Available diffs

• diff from 1.6.24-1build1 to 1.6.24-1build2 (309 bytes)

memcached (1.6.24-1build1) noble; urgency=medium

  * No-change rebuild against libssl3t64

 -- Steve Langasek <email address hidden>  Mon, 04 Mar 2024 19:59:32 +0000

Available diffs

• diff from 1.6.23-1 (in Debian) to 1.6.24-1build1 (13.0 KiB)
• diff from 1.6.24-1 (in Debian) to 1.6.24-1build1 (482 bytes)

memcached (1.6.24-1) unstable; urgency=medium

  * New upstream release.
  * Drop 0007-uninitialized-variables.patch; applied upstream.

 -- Chris Lamb <email address hidden>  Sun, 03 Mar 2024 15:54:51 +0000

Available diffs

• diff from 1.6.23-1 to 1.6.24-1 (12.8 KiB)

memcached (1.6.23-1) unstable; urgency=medium

  * New upstream release.

 -- Chris Lamb <email address hidden>  Sat, 13 Jan 2024 10:00:17 +0000

Available diffs

• diff from 1.6.22-1 to 1.6.23-1 (50.6 KiB)

memcached (1.6.21-1ubuntu0.23.10.1) mantic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via multiget requests in proxy mode
    - debian/patches/CVE-2023-46852.patch: fix buffer overflow with
      multiget syntax in proto_proxy.c, t/proxyunits.t.
    - CVE-2023-46852
  * SECURITY UPDATE: off-by-one error via proxy requests in proxy mode
    - debian/patches/CVE-2023-46853.patch: fix off-by-one if \r is missing
      in proxy.h, proxy_request.c, t/proxy.t.
    - CVE-2023-46853

 -- Marc Deslauriers <email address hidden>  Wed, 01 Nov 2023 09:41:02 -0400

Available diffs

• diff from 1.6.21-1 (in Debian) to 1.6.21-1ubuntu0.23.10.1 (3.8 KiB)

memcached (1.6.18-1ubuntu0.1) lunar-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via multiget requests in proxy mode
    - debian/patches/CVE-2023-46852.patch: fix buffer overflow with
      multiget syntax in proto_proxy.c.
    - CVE-2023-46852
  * SECURITY UPDATE: off-by-one error via proxy requests in proxy mode
    - debian/patches/CVE-2023-46853.patch: fix off-by-one if \r is missing
      in proxy.h, proxy_request.c, t/proxy.t.
    - CVE-2023-46853

 -- Marc Deslauriers <email address hidden>  Wed, 01 Nov 2023 10:15:44 -0400

Available diffs

• diff from 1.6.18-1 (in Debian) to 1.6.18-1ubuntu0.1 (3.5 KiB)

memcached (1.6.14-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via multiget requests in proxy mode
    - debian/patches/CVE-2023-46852.patch: fix buffer overflow with
      multiget syntax in proto_proxy.c.
    - CVE-2023-46852
  * SECURITY UPDATE: off-by-one error via proxy requests in proxy mode
    - debian/patches/CVE-2023-46853.patch: fix off-by-one if \r is missing
      in proto_proxy.c, t/proxy.t.
    - CVE-2023-46853

 -- Marc Deslauriers <email address hidden>  Wed, 01 Nov 2023 10:19:02 -0400

Available diffs

• diff from 1.6.14-1 (in Debian) to 1.6.14-1ubuntu0.1 (3.5 KiB)

memcached (1.6.22-1) unstable; urgency=medium

  * New upstream release.
  * Refresh patches.

 -- Chris Lamb <email address hidden>  Sat, 21 Oct 2023 09:17:43 +0100

Available diffs

• diff from 1.6.21-1 to 1.6.22-1 (42.0 KiB)

memcached (1.5.22-2ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-48571.patch: fix a null reference crash in
      memcached.c.
    - CVE-2022-48571

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 07 Sep 2023 09:42:48 -0300

Available diffs

• diff from 1.5.22-2ubuntu0.2 (in Ubuntu) to 1.5.22-2ubuntu0.3 (1.2 KiB)
• diff from 1.5.22-2 (in Debian) to 1.5.22-2ubuntu0.3 (3.6 KiB)

memcached (1.6.21-1) unstable; urgency=medium

  * New upstream release.
  * Refresh patches.
  * Bump Standards-Version to 4.6.2.

 -- Chris Lamb <email address hidden>  Sat, 24 Jun 2023 10:36:16 +0100

Available diffs

• diff from 1.6.19-1 to 1.6.21-1 (49.8 KiB)

memcached (1.6.19-1) unstable; urgency=medium

  * New upstream release.
    - Refresh patches.
  * memcached.conf: Also listen on IPv6 by default.

 -- Chris Lamb <email address hidden>  Wed, 15 Mar 2023 09:33:00 +0000

Available diffs

• diff from 1.6.18-1 to 1.6.19-1 (68.4 KiB)

memcached (1.6.18-1) unstable; urgency=medium

  * New upstream release. (Closes: #1028497)
  * Refresh patches.

 -- Chris Lamb <email address hidden>  Thu, 12 Jan 2023 00:02:22 +0000

Available diffs

• diff from 1.6.17-1 to 1.6.18-1 (37.2 KiB)

memcached (1.6.16-1build1) kinetic; urgency=medium

  * No-change rebuild against libevent-2.1-7a (LP: #1990941)

 -- Benjamin Drung <email address hidden>  Fri, 07 Oct 2022 19:53:40 +0200

Available diffs

• diff from 1.6.16-1 (in Debian) to 1.6.16-1build1 (510 bytes)

memcached (1.6.17-1) unstable; urgency=medium

  * New upstream release.
    - Refresh patches.
    - Add pkg-config to Build-Depends.
  * Drop unused UPSTREAM_AUTOCONF_GENERATED_FILES variable.

 -- Chris Lamb <email address hidden>  Thu, 08 Sep 2022 06:52:56 +0100

Available diffs

• diff from 1.6.16-1build1 (in Ubuntu) to 1.6.17-1 (108.7 KiB)

memcached (1.6.16-1) unstable; urgency=medium

  * New upstream release.
  * Drop lp1979705-fix-ftbfs-gcc12-ppc64el.patch; applied upstream.
  * Refresh patches.

 -- Chris Lamb <email address hidden>  Sat, 06 Aug 2022 07:30:36 -0700

Available diffs

• diff from 1.6.15-1 to 1.6.16-1 (22.4 KiB)

memcached (1.6.15-1) unstable; urgency=medium

  * New upstream release.
  * Refresh patches.

 -- Chris Lamb <email address hidden>  Sun, 03 Apr 2022 09:42:35 +0100

Available diffs

• diff from 1.6.14-1 to 1.6.15-1 (91.5 KiB)

memcached (1.6.14-1) unstable; urgency=medium

  * New upstream release.

 -- Chris Lamb <email address hidden>  Sat, 12 Feb 2022 08:50:01 -0800

Available diffs

• diff from 1.6.13-1 to 1.6.14-1 (33.5 KiB)

memcached (1.6.13-1) unstable; urgency=medium

  * New upstream release.
    - Refresh patches.

 -- Chris Lamb <email address hidden>  Sat, 15 Jan 2022 10:05:01 +0000

Available diffs

• diff from 1.6.12+dfsg-4 to 1.6.13-1 (406.2 KiB)

memcached (1.6.12+dfsg-4) unstable; urgency=medium

  [ Christian Ehrhardt ]
  * Remove static libssl1.1 dependency (LP: #1955006)

  [ Chris Lamb ]
  * Update debian/copyright.

 -- Chris Lamb <email address hidden>  Mon, 03 Jan 2022 08:38:05 +0000

Available diffs

• diff from 1.6.12+dfsg-3 to 1.6.12+dfsg-4 (603 bytes)

memcached (1.6.12+dfsg-3) unstable; urgency=medium

  * Fix compilation errors under -O3 due to uninitialised variables.
    (Closes: #1001357)
  * Don't run the whitespace tests.

 -- Chris Lamb <email address hidden>  Thu, 09 Dec 2021 08:50:08 -0800

Available diffs

• diff from 1.6.12+dfsg-2ubuntu1 (in Ubuntu) to 1.6.12+dfsg-3 (1.5 KiB)

memcached (1.6.12+dfsg-2ubuntu1) jammy; urgency=medium

  * debian/patches/uninitialized-variables.patch: fix an error due to
    use of a possibly uninitialized variable.

 -- Steve Langasek <email address hidden>  Thu, 09 Dec 2021 00:30:48 +0000

Available diffs

• diff from 1.6.9+dfsg-1build1 to 1.6.12+dfsg-2ubuntu1 (109.5 KiB)
• diff from 1.6.12+dfsg-2build1 to 1.6.12+dfsg-2ubuntu1 (921 bytes)

memcached (1.6.12+dfsg-2build1) jammy; urgency=medium

  * No-change rebuild against libssl3

 -- Steve Langasek <email address hidden>  Wed, 08 Dec 2021 23:39:29 +0000

Available diffs

• diff from 1.6.12+dfsg-2 (in Debian) to 1.6.12+dfsg-2build1 (516 bytes)

memcached (1.6.12+dfsg-2) unstable; urgency=medium

  * Renable TLS for now. (Closes: #1000463)

 -- Chris Lamb <email address hidden>  Tue, 23 Nov 2021 08:59:31 -0800

Available diffs

• diff from 1.6.12+dfsg-1 to 1.6.12+dfsg-2 (417 bytes)

memcached (1.6.9+dfsg-1build1) impish; urgency=medium

  * No-change rebuild to build packages with zstd compression.

 -- Matthias Klose <email address hidden>  Thu, 07 Oct 2021 12:20:42 +0200

Available diffs

• diff from 1.6.9+dfsg-1 (in Debian) to 1.6.9+dfsg-1build1 (339 bytes)

memcached (1.6.12+dfsg-1) unstable; urgency=medium

  * New upstream release.
  * Bump Standards-Version to 4.6.0.

 -- Chris Lamb <email address hidden>  Sat, 02 Oct 2021 07:59:24 +0100

memcached (1.6.9+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Chris Lamb <email address hidden>  Wed, 25 Nov 2020 10:25:05 +0000

Available diffs

• diff from 1.6.8+dfsg-1 to 1.6.9+dfsg-1 (42.8 KiB)

memcached (1.6.8+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Chris Lamb <email address hidden>  Wed, 28 Oct 2020 10:27:52 +0000

Available diffs

• diff from 1.6.6-3ubuntu1 (in Ubuntu) to 1.6.8+dfsg-1 (127.6 KiB)

memcached (1.6.6-3ubuntu1) groovy; urgency=medium

  * d/p/use_signal_instead_of_sigignore.patch:
    Replace use of deprecated sigignore() with signal() to fix FTBFS in
    groovy.
    (LP: #1897823)

 -- Bryce Harrington <email address hidden>  Wed, 30 Sep 2020 14:29:41 -0700

Available diffs

• diff from 1.6.6-3 (in Debian) to 1.6.6-3ubuntu1 (2.1 KiB)

memcached (1.5.22-2ubuntu0.2) focal; urgency=medium

  * Enable TLS capabilities present in Memcached since version 1.5.13.
    TLS support is required in order to harden Memcached deployments in
    cloud environments or similar scenarios where the network is not to
    be entirely trusted. (LP: #1887943)
    - d/rules: set --enable-tls
    - d/control: add libio-socket-ssl-perl to run build time ssl tests
    - d/control: add libssl dependency

 -- Moisés Guimarães de Medeiros <email address hidden>  Mon, 24 Aug 2020 15:14:26 +0200

Available diffs

• diff from 1.5.22-2ubuntu0.1 to 1.5.22-2ubuntu0.2 (866 bytes)

memcached (1.6.6-3) unstable; urgency=medium

  * Add libio-socket-ssl-perl to test dependencies.
  * Disable TLS on armhf for now.
  * Clarify forwarded status of all patches.
  * Bump debhelper compat level to 13.

 -- Chris Lamb <email address hidden>  Mon, 24 Aug 2020 11:38:51 +0100

Available diffs

• diff from 1.6.6-2 to 1.6.6-3 (1.1 KiB)

memcached (1.6.6-2) unstable; urgency=medium

  [ Moisés Guimarães de Medeiros ]
  * Enable TLS capabilities by default. (Closes: #968603)

  [ Chris Lamb ]
  * Drop unnecessary dependency on dh-autoreconf.
  * Run "wrap-and-sort -sa".

 -- Chris Lamb <email address hidden>  Tue, 18 Aug 2020 16:26:07 +0100

Available diffs

• diff from 1.6.6-1 to 1.6.6-2 (925 bytes)

memcached (1.5.22-2ubuntu0.1) focal; urgency=medium

  * d/p/fix-bug-where-sasl-will-load-config-the-wrong-path.patch:
    Fix the path from which SASL configuration is loaded.  (LP: #1878721)
    The bug happened because sasl expects memcached to provide a
    path (i.e., a directory, not a filename) where the sasl
    configuration file(s) is (are).  However, memcached was passing
    the filename (/etc/sasl2/memcached.conf) to sasl, which was
    interpreting it as a directory, and looking for a configuration
    file inside it (i.e., /etc/sasl2/memcached.conf/memcached.conf).
    Users could workaround this bug by creating a directory named
    /etc/sasl2/memcached.conf/, and putting the configuration file
    inside it.  This patch not only fixes this bug (by passing the
    right directory, /etc/sasl2/, to sasl) but also supports the
    workaround described above.

 -- Anders Kaseorg <email address hidden>  Thu, 14 May 2020 17:13:17 -0700

Available diffs

• diff from 1.5.22-2 (in Debian) to 1.5.22-2ubuntu0.1 (2.5 KiB)

memcached (1.5.10-0ubuntu3.1) eoan; urgency=medium

  * d/p/fix-bug-where-sasl-will-load-config-the-wrong-path.patch:
    Fix the path from which SASL configuration is loaded.  (LP: #1878721)
    The bug happened because sasl expects memcached to provide a
    path (i.e., a directory, not a filename) where the sasl
    configuration file(s) is (are).  However, memcached was passing
    the filename (/etc/sasl2/memcached.conf) to sasl, which was
    interpreting it as a directory, and looking for a configuration
    file inside it (i.e., /etc/sasl2/memcached.conf/memcached.conf).
    Users could workaround this bug by creating a directory named
    /etc/sasl2/memcached.conf/, and putting the configuration file
    inside it.  This patch not only fixes this bug (by passing the
    right directory, /etc/sasl2/, to sasl) but also supports the
    workaround described above.

 -- Anders Kaseorg <email address hidden>  Thu, 14 May 2020 17:13:17 -0700

Available diffs

• diff from 1.5.10-0ubuntu3 to 1.5.10-0ubuntu3.1 (2.3 KiB)

memcached (1.6.6-1) unstable; urgency=medium

  * New upstream release.
    - Fixes FTBFS on s390x and other architectures. (Closes: #960459)

 -- Chris Lamb <email address hidden>  Wed, 13 May 2020 10:10:16 +0100

Available diffs

• diff from 1.5.22-2 to 1.6.6-1 (126.2 KiB)
• diff from 1.6.5-2 to 1.6.6-1 (27.1 KiB)

memcached (1.6.5-2) unstable; urgency=medium

  * Attempt to fix failing autopkgtest that assumes a particular string is in
    the first 1KiB of the response.

 -- Chris Lamb <email address hidden>  Sat, 18 Apr 2020 22:05:46 +0100

memcached (1.5.22-2) unstable; urgency=medium

  * Apply a patch (merged upstream) to fix FTFBS on s390x, etc. Thanks,
    Christian Ehrhardt. (Closes: #950777)

 -- Chris Lamb <email address hidden>  Thu, 06 Feb 2020 15:57:03 +0000

Available diffs

• diff from 1.5.22-1ubuntu1 (in Ubuntu) to 1.5.22-2 (612 bytes)

memcached (1.5.22-1ubuntu1) focal; urgency=medium

  * d/p/stats_prefix-Remove-test-failure-due-to-non-determin.patch: fix FTFBS
    on s390x (LP: #1861783)

 -- Christian Ehrhardt <email address hidden>  Tue, 04 Feb 2020 10:02:44 +0100

Available diffs

• diff from 1.5.20-1 (in Debian) to 1.5.22-1ubuntu1 (23.6 KiB)
• diff from 1.5.22-1 (in Debian) to 1.5.22-1ubuntu1 (1.6 KiB)

memcached (1.5.22-1) unstable; urgency=medium

  * New upstream release.
    <https://github.com/memcached/memcached/wiki/ReleaseNotes1521>

 -- Chris Lamb <email address hidden>  Tue, 04 Feb 2020 11:45:44 +0100

Available diffs

• diff from 1.5.21-1 to 1.5.22-1 (3.1 KiB)

memcached (1.5.21-1) unstable; urgency=medium

  * New upstream release.
    <https://github.com/memcached/memcached/wiki/ReleaseNotes1521>
  * Bump Standards-Version to 4.5.0.
  * Refresh 0004-Don-t-run-some-upstream-tests.patch patch.

 -- Chris Lamb <email address hidden>  Sun, 26 Jan 2020 11:41:26 +0000

Available diffs

• diff from 1.5.20-1 to 1.5.21-1 (21.1 KiB)

memcached (1.5.20-1) unstable; urgency=medium

  * New upstream release.
    <https://github.com/memcached/memcached/wiki/ReleaseNotes1520>
  * Refresh 0004-Don-t-run-some-upstream-tests.patch.

 -- Chris Lamb <email address hidden>  Tue, 12 Nov 2019 10:21:40 +0100

Available diffs

• diff from 1.5.19-2 to 1.5.20-1 (23.9 KiB)

memcached (1.5.10-0ubuntu4) focal; urgency=medium

  * No-change rebuild for libevent soname changes.

 -- Matthias Klose <email address hidden>  Sat, 19 Oct 2019 19:56:13 +0000

Available diffs

• diff from 1.5.10-0ubuntu3 to 1.5.10-0ubuntu4 (344 bytes)

memcached (1.5.19-2) unstable; urgency=medium

  * Add iproute2 to autopkgtest dependencies. (Closes: #942183)
  * Try and ensure that memcached is running in the tests.
  * Bump Standards-Version to 4.4.1.

 -- Chris Lamb <email address hidden>  Fri, 11 Oct 2019 08:34:04 -0700

Available diffs

• diff from 1.5.10-0ubuntu4 (in Ubuntu) to 1.5.19-2 (141.0 KiB)

memcached (1.5.10-0ubuntu3) eoan; urgency=medium

  * SECURITY UPDATE: stack-based buffer over-read
    - debian/patches/CVE-2019-15026.patch: fix strncpy call to
      avoid ASAN violation in memcached.c.
    - CVE-2019-15026

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 05 Sep 2019 13:14:11 -0300

Available diffs

• diff from 1.5.10-0ubuntu2 to 1.5.10-0ubuntu3 (1.5 KiB)

memcached (1.5.10-0ubuntu1.19.04.2) disco-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer over-read
    - debian/patches/CVE-2019-15026.patch: fix strncpy call to
      avoid ASAN violation in memcached.c.
    - CVE-2019-15026

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 05 Sep 2019 12:48:10 -0300

Available diffs

• diff from 1.5.10-0ubuntu1.19.04.1 to 1.5.10-0ubuntu1.19.04.2 (1.6 KiB)
• diff from 1.5.10-0ubuntu1.19.04.2~test1 to 1.5.10-0ubuntu1.19.04.2 (331 bytes)

memcached (1.4.25-2ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer over-read
    - debian/patches/CVE-2019-15026.patch: fix strncpy call to
      avoid ASAN violation in memcached.c.
    - CVE-2019-15026

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 05 Sep 2019 11:59:55 -0300

Available diffs

• diff from 1.4.25-2ubuntu1.4 to 1.4.25-2ubuntu1.5 (1.6 KiB)

memcached (1.5.6-0ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer over-read
    - debian/patches/CVE-2019-15026.patch: fix strncpy call to
      avoid ASAN violation in memcached.c.
    - CVE-2019-15026

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 05 Sep 2019 12:38:44 -0300

Available diffs

• diff from 1.5.6-0ubuntu1.1 to 1.5.6-0ubuntu1.2 (1.6 KiB)

memcached (1.5.10-0ubuntu1.19.04.1) disco-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted lru messages
    - debian/patches/CVE-2019-11596.patch: fix off by one in token count in
      memcached.c.
    - CVE-2019-11596

 -- Marc Deslauriers <email address hidden>  Tue, 30 Apr 2019 14:31:41 -0400

Available diffs

• diff from 1.5.10-0ubuntu1 (in Ubuntu) to 1.5.10-0ubuntu1.19.04.1 (1.0 KiB)

memcached (1.5.10-0ubuntu1.18.10.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted lru messages
    - debian/patches/CVE-2019-11596.patch: fix off by one in token count in
      memcached.c.
    - CVE-2019-11596

 -- Marc Deslauriers <email address hidden>  Tue, 30 Apr 2019 14:31:41 -0400

Available diffs

• diff from 1.5.10-0ubuntu1 (in Ubuntu) to 1.5.10-0ubuntu1.18.10.1 (1.0 KiB)

memcached (1.5.10-0ubuntu2) eoan; urgency=medium

  * SECURITY UPDATE: denial of service via crafted lru messages
    - debian/patches/CVE-2019-11596.patch: fix off by one in token count in
      memcached.c.
    - CVE-2019-11596

 -- Marc Deslauriers <email address hidden>  Tue, 30 Apr 2019 14:31:41 -0400

Available diffs

• diff from 1.5.10-0ubuntu1 to 1.5.10-0ubuntu2 (1.0 KiB)

memcached (1.5.6-0ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted lru messages
    - debian/patches/CVE-2019-11596.patch: fix off by one in token count in
      memcached.c.
    - CVE-2019-11596

 -- Marc Deslauriers <email address hidden>  Tue, 30 Apr 2019 14:33:22 -0400

Available diffs

• diff from 1.5.4-1ubuntu3 to 1.5.6-0ubuntu1.1 (17.3 KiB)

memcached (1.5.10-0ubuntu1) cosmic; urgency=medium

  * New upstream release.
  * Includes fixes for various failures on various architectures,
    including the fix for alignment issues on some ARM platforms for
    chunked items (LP: #1780838).

 -- Robie Basak <email address hidden>  Mon, 13 Aug 2018 13:10:37 +0100

Available diffs

• diff from 1.5.6-0ubuntu1 to 1.5.10-0ubuntu1 (46.0 KiB)
• diff from 1.5.6-1 (in Debian) to 1.5.10-0ubuntu1 (38.4 KiB)

memcached (1.4.14-0ubuntu9.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow in items.c:item_free()
    - debian/patches/CVE-2018-1000127.patch: Don't overflow item refcount
      on get in memcached.c.
    - CVE-2018-1000127

 -- Marc Deslauriers <email address hidden>  Mon, 19 Mar 2018 10:15:57 -0400

Available diffs

• diff from 1.4.14-0ubuntu9.2 to 1.4.14-0ubuntu9.3 (1.2 KiB)

memcached (1.4.33-1ubuntu3.3) artful-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow in items.c:item_free()
    - debian/patches/CVE-2018-1000127.patch: Don't overflow item refcount
      on get in memcached.c.
    - CVE-2018-1000127

 -- Marc Deslauriers <email address hidden>  Mon, 19 Mar 2018 10:12:13 -0400

Available diffs

• diff from 1.4.33-1ubuntu3.2 to 1.4.33-1ubuntu3.3 (1.3 KiB)

memcached (1.4.25-2ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow in items.c:item_free()
    - debian/patches/CVE-2018-1000127.patch: Don't overflow item refcount
      on get in memcached.c.
    - CVE-2018-1000127

 -- Marc Deslauriers <email address hidden>  Mon, 19 Mar 2018 10:15:02 -0400

Available diffs

• diff from 1.4.25-2ubuntu1.3 to 1.4.25-2ubuntu1.4 (1.3 KiB)

memcached (1.5.6-1) unstable; urgency=medium

  * New upstream release
    + Fix CVE-2018-1000115 (UDP is no more enabled by default)
    + Update debian/patches/02_service_wrapper.patch
    + Update debian/tests/client.pl to verify that UDP is disabled by default
  * Remove generated debian/memcached.service
  * Bumped policy version to 4.1.3

 -- Guillaume Delacour <email address hidden>  Tue, 06 Mar 2018 18:59:39 +0100

memcached (1.5.6-0ubuntu1) bionic; urgency=medium

  * New upstream bugfix release (LP: #1753839).
  * d/p/disable-udp-by-default.patch: drop (now upstream).
  * d/p/02_service_wrapper.patch: refresh to remove fuzz.
  * d/p/restore-systemd-sandboxing: restore sandboxing in memcached.service
    removed by upstream in 1.5.6 to avoid feature regression (LP: #1755460).

 -- Robie Basak <email address hidden>  Tue, 13 Mar 2018 09:59:06 +0000

Available diffs

• diff from 1.5.4-1ubuntu3 (in ~ubuntu-security-proposed/ubuntu/ppa) to 1.5.6-0ubuntu1 (16.8 KiB)

memcached (1.4.14-0ubuntu9.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service due to integer overflow
    - debian/patches/CVE-2017-9951.patch: check for integer overflow on
      key requests
    - CVE-2017-9951
  * SECURITY UPDATE: disable listening on UDP port by default due to
    use in DDoS amplification attacks
    - debian/patches/disable-udp-by-default.patch: disable UDP port by
      default. (LP: #1752831)
    - debian/NEWS: add explanation and document how to re-enable UDP if
      necessary.
    - CVE-2018-1000115

 -- Steve Beattie <email address hidden>  Mon, 05 Mar 2018 02:10:59 -0800

Available diffs

• diff from 1.4.14-0ubuntu9.1 to 1.4.14-0ubuntu9.2 (2.2 KiB)

memcached (1.4.33-1ubuntu3.2) artful-security; urgency=medium

  * SECURITY UPDATE: denial of service due to integer overflow
    - debian/patches/CVE-2017-9951.patch: check for integer overflow on
      key requests
    - CVE-2017-9951
  * SECURITY UPDATE: disable listening on UDP port by default due to
    use in DDoS amplification attacks
    - debian/patches/disable-udp-by-default.patch: disable UDP port by
      default. (LP: #1752831)
    - debian/NEWS: add explanation and document how to re-enable UDP if
      necessary.
    - CVE-2018-1000115
  * debian/patches/fix-compiler-warning.patch: fix compilation warning
    with gcc-7 that causes FTBFS.
  * debian/rules: disable tests on armhf, to prevent the build hanging.

 -- Steve Beattie <email address hidden>  Mon, 05 Mar 2018 01:29:48 -0800

Available diffs

• diff from 1.4.33-1ubuntu3.1 to 1.4.33-1ubuntu3.2 (886 bytes)

memcached (1.4.25-2ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service due to integer overflow
    - debian/patches/CVE-2017-9951.patch: check for integer overflow on
      key requests
    - CVE-2017-9951
  * SECURITY UPDATE: disable listening on UDP port by default due to
    use in DDoS amplification attacks
    - debian/patches/disable-udp-by-default.patch: disable UDP port by
      default. (LP: #1752831)
    - debian/NEWS: add explanation and document how to re-enable UDP if
      necessary.
    - CVE-2018-1000115

 -- Steve Beattie <email address hidden>  Mon, 05 Mar 2018 01:08:38 -0800

Available diffs

• diff from 1.4.25-2ubuntu1.2 to 1.4.25-2ubuntu1.3 (2.4 KiB)

memcached (1.5.4-1ubuntu3) bionic; urgency=medium

  * SECURITY UPDATE: disable listening on UDP port by default due to
    use in DDoS amplification attacks
    - debian/patches/disable-udp-by-default.patch: disable UDP port by
      default. (LP: #1752831)
    - debian/NEWS: add explanation and document how to re-enable UDP if
      necessary.

 -- Steve Beattie <email address hidden>  Fri, 02 Mar 2018 10:24:18 -0800

Available diffs

• diff from 1.5.4-1ubuntu2 (in Ubuntu) to 1.5.4-1ubuntu3 (1.8 KiB)

memcached (1.5.4-1ubuntu2) bionic; urgency=medium

  * rules: Disable tests on armhf, they hang the build.

 -- Timo Aaltonen <email address hidden>  Thu, 01 Mar 2018 18:50:25 +0200

Available diffs

• diff from 1.4.33-1ubuntu3 to 1.5.4-1ubuntu2 (126.1 KiB)
• diff from 1.5.4-1ubuntu1 to 1.5.4-1ubuntu2 (502 bytes)

memcached (1.5.4-1ubuntu1) bionic; urgency=low

  * Merge with Debian unstable.
    - Fixes build failure with gcc-7; LP: #1724856.
  * Remaining changes:
    - added patch to show distribution on version
    - Force alignment on in configure.ac
    - disable unreliable test.

 -- Timo Aaltonen <email address hidden>  Thu, 01 Mar 2018 16:58:09 +0200

Available diffs

• diff from 1.5.0-1ubuntu1 to 1.5.4-1ubuntu1 (73.0 KiB)

memcached (1.5.0-1ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable.
    - Fixes build failure with gcc-7; LP: #1724856.
  * Remaining changes:
    - added patch to show distribution on version
    - Force alignment on in configure.ac
    - disable unreliable test.

Available diffs

• diff from 1.4.33-1ubuntu3 to 1.5.0-1ubuntu1 (68.2 KiB)

memcached (1.4.33-1ubuntu3) artful; urgency=medium

  * No-change rebuild against libevent-2.1-6

 -- Steve Langasek <email address hidden>  Mon, 31 Jul 2017 02:47:12 +0000

Available diffs

• diff from 1.4.33-1ubuntu2 to 1.4.33-1ubuntu3 (345 bytes)

memcached (1.4.33-1ubuntu2) zesty; urgency=medium

  * debian/patches/disable_watcher_test.patch: disable unreliable test.

 -- Marc Deslauriers <email address hidden>  Wed, 01 Feb 2017 14:57:25 -0500

Available diffs

• diff from 1.4.25-2ubuntu3 to 1.4.33-1ubuntu2 (88.5 KiB)
• diff from 1.4.33-1ubuntu1 to 1.4.33-1ubuntu2 (1.6 KiB)

memcached (1.4.33-1ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/patches/fix-distribution.patch: added patch to show
      distribution on version
    - debian/patches/always_enable_alignment.patch: Force alignment on in
      configure.ac.

Available diffs

• diff from 1.4.25-2ubuntu3 to 1.4.33-1ubuntu1 (87.5 KiB)

memcached (1.4.25-2ubuntu3) zesty; urgency=medium

  * SECURITY UPDATE: multiple integer overflow vulnerabilities
    - debian/patches/CVE-2016-870x.patch: check nbytes and nkey in items.c,
      properly handle lengths in memcached.c.
    - CVE-2016-8704
    - CVE-2016-8705
    - CVE-2016-8706

 -- Marc Deslauriers <email address hidden>  Wed, 02 Nov 2016 08:05:05 -0400

Available diffs

• diff from 1.4.25-2ubuntu2 to 1.4.25-2ubuntu3 (1.3 KiB)

memcached (1.4.25-2ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple integer overflow vulnerabilities
    - debian/patches/CVE-2016-870x.patch: check nbytes and nkey in items.c,
      properly handle lengths in memcached.c.
    - CVE-2016-8704
    - CVE-2016-8705
    - CVE-2016-8706
  * debian/patches/always_enable_alignment.patch: fix FTBFS on armhf.

 -- Marc Deslauriers <email address hidden>  Wed, 02 Nov 2016 08:08:44 -0400

Available diffs

• diff from 1.4.25-2ubuntu1.1 to 1.4.25-2ubuntu1.2 (1.3 KiB)

memcached (1.4.13-0ubuntu2.2) precise-security; urgency=medium

  * SECURITY UPDATE: multiple integer overflow vulnerabilities
    - debian/patches/CVE-2016-870x.patch: check nbytes and nkey in items.c,
      properly handle lengths in memcached.c.
    - CVE-2016-8704
    - CVE-2016-8705
    - CVE-2016-8706

 -- Marc Deslauriers <email address hidden>  Wed, 02 Nov 2016 08:18:39 -0400

Available diffs

• diff from 1.4.13-0ubuntu2.1 (in ~ubuntu-security/ubuntu/ppa) to 1.4.13-0ubuntu2.2 (1.2 KiB)
• diff from 1.4.13-0ubuntu2 (in Ubuntu) to 1.4.13-0ubuntu2.2 (3.9 KiB)

memcached (1.4.14-0ubuntu9.1) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple integer overflow vulnerabilities
    - debian/patches/CVE-2016-870x.patch: check nbytes and nkey in items.c,
      properly handle lengths in memcached.c.
    - CVE-2016-8704
    - CVE-2016-8705
    - CVE-2016-8706

 -- Marc Deslauriers <email address hidden>  Wed, 02 Nov 2016 08:17:58 -0400

Available diffs

• diff from 1.4.14-0ubuntu9 (in Ubuntu) to 1.4.14-0ubuntu9.1 (1.2 KiB)

memcached (1.4.25-2ubuntu2.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: multiple integer overflow vulnerabilities
    - debian/patches/CVE-2016-870x.patch: check nbytes and nkey in items.c,
      properly handle lengths in memcached.c.
    - CVE-2016-8704
    - CVE-2016-8705
    - CVE-2016-8706

 -- Marc Deslauriers <email address hidden>  Wed, 02 Nov 2016 08:05:05 -0400

Available diffs

• diff from 1.4.25-2ubuntu2 (in Ubuntu) to 1.4.25-2ubuntu2.1 (1.3 KiB)

memcached (1.4.25-2ubuntu2) yakkety; urgency=medium

  * debian/patches/always_enable_alignment.patch: Force alignment on in
    configure.ac.  Closes LP: #1630742.

 -- Nishanth Aravamudan <email address hidden>  Wed, 05 Oct 2016 13:00:51 -0700

Available diffs

• diff from 1.4.25-2ubuntu1 to 1.4.25-2ubuntu2 (1.2 KiB)

memcached (1.4.25-2ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable (LP: #1556304). Remaining changes:
    - debian/patches/fix-distribution.patch: added patch to show
      distribution on version (updated to make merging easier)
  * Drop:
    - debian/patches/disable_slabs_test.patch: disable unreliable test.
      + Merged in Debian 1.4.25-2.

Available diffs

• diff from 1.4.25-1ubuntu2 to 1.4.25-2ubuntu1 (3.4 KiB)