Bug#873758: stretch-pu: package memcached/1.4.33-1

To: gui@iroqwa.org, 873758@bugs.debian.org
Subject: Bug#873758: stretch-pu: package memcached/1.4.33-1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Wed, 30 Aug 2017 20:58:14 +0100
Message-id: <[🔎] 1504123094.1880.39.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 873758@bugs.debian.org
In-reply-to: <[🔎] 150412163040.28907.13242363575956492104.reportbug@yamcha>
References: <[🔎] 150412163040.28907.13242363575956492104.reportbug@yamcha> <[🔎] 150412163040.28907.13242363575956492104.reportbug@yamcha>

Control: tags -1 + confirmed

On Wed, 2017-08-30 at 21:33 +0200, gui@iroqwa.org wrote:
> The attached patch fix CVE-2017-9951 which has been not fixed via a DSA,
> as discussed with Salvatore Bonaccorso: https://bugs.debian.org/868701.

+memcached (1.4.33-1+deb9u1) stretch; urgency=high
+
+  * Non-maintainer upload by the Security Team.

So far as I can tell, you're not a member of the Security Team, so this
is incorrect.

+  * Fix CVE-2017-9951 by checking the integer length of commands that adds or
+    replaces key/value pair
+
+ -- Guillaume Delacour <gui@iroqwa.org>  Tue, 25 Jul 2017 00:38:52 +0200

Please go ahead, bearing in mind the above comment.

Regards,

Adam

Reply to:

References:
- Bug#873758: stretch-pu: package memcached/1.4.33-1
  - From: gui@iroqwa.org

Prev by Date: Processed: Re: Bug#873758: stretch-pu: package memcached/1.4.33-1
Next by Date: Bug#849505: transition: nodejs
Previous by thread: Processed: Re: Bug#873758: stretch-pu: package memcached/1.4.33-1
Next by thread: Bug#873771: stretch-pu: package evolution/3.22.6-1+deb9u1
Index(es):
- Date
- Thread