Change logs for memcached source package in Trusty

  • memcached (1.4.14-0ubuntu9.3) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Integer Overflow in items.c:item_free()
        - debian/patches/CVE-2018-1000127.patch: Don't overflow item refcount
          on get in memcached.c.
        - CVE-2018-1000127
    
     -- Marc Deslauriers <email address hidden>  Mon, 19 Mar 2018 10:15:57 -0400
  • memcached (1.4.14-0ubuntu9.2) trusty-security; urgency=medium
    
      * SECURITY UPDATE: denial of service due to integer overflow
        - debian/patches/CVE-2017-9951.patch: check for integer overflow on
          key requests
        - CVE-2017-9951
      * SECURITY UPDATE: disable listening on UDP port by default due to
        use in DDoS amplification attacks
        - debian/patches/disable-udp-by-default.patch: disable UDP port by
          default. (LP: #1752831)
        - debian/NEWS: add explanation and document how to re-enable UDP if
          necessary.
        - CVE-2018-1000115
    
     -- Steve Beattie <email address hidden>  Mon, 05 Mar 2018 02:10:59 -0800
  • memcached (1.4.14-0ubuntu9.1) trusty-security; urgency=medium
    
      * SECURITY UPDATE: multiple integer overflow vulnerabilities
        - debian/patches/CVE-2016-870x.patch: check nbytes and nkey in items.c,
          properly handle lengths in memcached.c.
        - CVE-2016-8704
        - CVE-2016-8705
        - CVE-2016-8706
    
     -- Marc Deslauriers <email address hidden>  Wed, 02 Nov 2016 08:17:58 -0400
  • memcached (1.4.14-0ubuntu9) trusty; urgency=low
    
      * SECURITY UPDATE: denial of service via large body length
        - debian/patches/CVE-2011-4971.patch: check length in memcached.c,
          added test to t/issue_192.t.
        - CVE-2011-4971
      * SECURITY UPDATE: denial of service when using -vv
        - debian/patches/CVE-2013-0179.patch: properly format key in items.c,
          memcached.c.
        - CVE-2013-0179
      * SECURITY UPDATE: SASL authentication bypass
        - debian/patches/CVE-2013-7239.patch: explicitly record sasl auth
          states in memcached.*, added test to t/binary-sasl.t.
        - CVE-2013-7239
      * debian/memcached.postinst: don't create home directory so we don't end
        up with /nonexistent. Thanks to Dustin Lundquist for patch.
        (LP: #1255328)
     -- Marc Deslauriers <email address hidden>   Mon, 13 Jan 2014 15:48:48 -0500
  • memcached (1.4.14-0ubuntu8) trusty; urgency=low
    
      * Revert unnecessary deltas added to patches compared to Debian.
      * Revert use of dh-autoreconf and patch configure manually to
        match configure.ac, as this package despises modern autotools.
     -- Adam Conrad <email address hidden>   Thu, 14 Nov 2013 23:16:44 +0000
  • memcached (1.4.14-0ubuntu7) trusty; urgency=low
    
      * debian/rules: Fix the previous fixes a little harder, so they work.
     -- Adam Conrad <email address hidden>   Thu, 14 Nov 2013 22:49:46 +0000
  • memcached (1.4.14-0ubuntu6) trusty; urgency=low
    
      * debian/rules: Shuffle things around so that dh_autoreconf is always
        run before dh_quilt_patch.  Fixes FTBFS with dpkg-buildpackage -B.
    
    memcached (1.4.14-0ubuntu5) trusty; urgency=low
    
      * debian/control: added lsb-release, dh-autoreconf to build depends
      * debian/rules: run autoreconf
      * debian/patches/fix-distribution.patch: added patch to show
        distribution on version
     -- Barry Warsaw <email address hidden>   Thu, 14 Nov 2013 17:05:29 -0500
  • memcached (1.4.14-0ubuntu5) trusty; urgency=low
    
      * debian/control: added lsb-release, dh-autoreconf to build depends
      * debian/rules: run autoreconf
      * debian/patches/fix-distribution.patch: added patch to show
        distribution on version
     -- Yolanda Robla <email address hidden>   Wed, 13 Nov 2013 13:50:59 +0100
  • memcached (1.4.14-0ubuntu4) saucy; urgency=low
    
      * Move dh_quilt_apply into configure step so that config.{sub,guess}
        patches get applied before running configure. (LP: #1218114)
     -- dann frazier <email address hidden>   Thu, 29 Aug 2013 20:28:20 -0400