-
memcached (1.4.14-0ubuntu9.3) trusty-security; urgency=medium
* SECURITY UPDATE: Integer Overflow in items.c:item_free()
- debian/patches/CVE-2018-1000127.patch: Don't overflow item refcount
on get in memcached.c.
- CVE-2018-1000127
-- Marc Deslauriers <email address hidden> Mon, 19 Mar 2018 10:15:57 -0400
-
memcached (1.4.14-0ubuntu9.2) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service due to integer overflow
- debian/patches/CVE-2017-9951.patch: check for integer overflow on
key requests
- CVE-2017-9951
* SECURITY UPDATE: disable listening on UDP port by default due to
use in DDoS amplification attacks
- debian/patches/disable-udp-by-default.patch: disable UDP port by
default. (LP: #1752831)
- debian/NEWS: add explanation and document how to re-enable UDP if
necessary.
- CVE-2018-1000115
-- Steve Beattie <email address hidden> Mon, 05 Mar 2018 02:10:59 -0800
-
memcached (1.4.14-0ubuntu9.1) trusty-security; urgency=medium
* SECURITY UPDATE: multiple integer overflow vulnerabilities
- debian/patches/CVE-2016-870x.patch: check nbytes and nkey in items.c,
properly handle lengths in memcached.c.
- CVE-2016-8704
- CVE-2016-8705
- CVE-2016-8706
-- Marc Deslauriers <email address hidden> Wed, 02 Nov 2016 08:17:58 -0400
-
memcached (1.4.14-0ubuntu9) trusty; urgency=low
* SECURITY UPDATE: denial of service via large body length
- debian/patches/CVE-2011-4971.patch: check length in memcached.c,
added test to t/issue_192.t.
- CVE-2011-4971
* SECURITY UPDATE: denial of service when using -vv
- debian/patches/CVE-2013-0179.patch: properly format key in items.c,
memcached.c.
- CVE-2013-0179
* SECURITY UPDATE: SASL authentication bypass
- debian/patches/CVE-2013-7239.patch: explicitly record sasl auth
states in memcached.*, added test to t/binary-sasl.t.
- CVE-2013-7239
* debian/memcached.postinst: don't create home directory so we don't end
up with /nonexistent. Thanks to Dustin Lundquist for patch.
(LP: #1255328)
-- Marc Deslauriers <email address hidden> Mon, 13 Jan 2014 15:48:48 -0500
-
memcached (1.4.14-0ubuntu8) trusty; urgency=low
* Revert unnecessary deltas added to patches compared to Debian.
* Revert use of dh-autoreconf and patch configure manually to
match configure.ac, as this package despises modern autotools.
-- Adam Conrad <email address hidden> Thu, 14 Nov 2013 23:16:44 +0000
-
memcached (1.4.14-0ubuntu7) trusty; urgency=low
* debian/rules: Fix the previous fixes a little harder, so they work.
-- Adam Conrad <email address hidden> Thu, 14 Nov 2013 22:49:46 +0000
-
memcached (1.4.14-0ubuntu6) trusty; urgency=low
* debian/rules: Shuffle things around so that dh_autoreconf is always
run before dh_quilt_patch. Fixes FTBFS with dpkg-buildpackage -B.
memcached (1.4.14-0ubuntu5) trusty; urgency=low
* debian/control: added lsb-release, dh-autoreconf to build depends
* debian/rules: run autoreconf
* debian/patches/fix-distribution.patch: added patch to show
distribution on version
-- Barry Warsaw <email address hidden> Thu, 14 Nov 2013 17:05:29 -0500
-
memcached (1.4.14-0ubuntu5) trusty; urgency=low
* debian/control: added lsb-release, dh-autoreconf to build depends
* debian/rules: run autoreconf
* debian/patches/fix-distribution.patch: added patch to show
distribution on version
-- Yolanda Robla <email address hidden> Wed, 13 Nov 2013 13:50:59 +0100
-
memcached (1.4.14-0ubuntu4) saucy; urgency=low
* Move dh_quilt_apply into configure step so that config.{sub,guess}
patches get applied before running configure. (LP: #1218114)
-- dann frazier <email address hidden> Thu, 29 Aug 2013 20:28:20 -0400