Bug#873758: stretch-pu: package memcached/1.4.33-1
Control: tags -1 + confirmed
On Wed, 2017-08-30 at 21:33 +0200, gui@iroqwa.org wrote:
> The attached patch fix CVE-2017-9951 which has been not fixed via a DSA,
> as discussed with Salvatore Bonaccorso: https://bugs.debian.org/868701.
+memcached (1.4.33-1+deb9u1) stretch; urgency=high
+
+ * Non-maintainer upload by the Security Team.
So far as I can tell, you're not a member of the Security Team, so this
is incorrect.
+ * Fix CVE-2017-9951 by checking the integer length of commands that adds or
+ replaces key/value pair
+
+ -- Guillaume Delacour <gui@iroqwa.org> Tue, 25 Jul 2017 00:38:52 +0200
Please go ahead, bearing in mind the above comment.
Regards,
Adam
Reply to: