
Bug#928474: (semi-preapproval) unblock: memcached/1.5.6-1.1



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

Please unblock package memcached, though it is not yet uploaded to
unstable and only in the DELAYED/5 queue.

The upload fixes a NULL pointer dereference issue with the "lru mode"
and "lru temp_ttl" commands; this was CVE-2019-11596 and tracked as
#928205.

Attached is the debdiff between the version in testing and the NMU
upload.

unblock memcached/1.5.6-1.1

Regards,
Salvatore
diff -Nru memcached-1.5.6/debian/changelog memcached-1.5.6/debian/changelog
--- memcached-1.5.6/debian/changelog	2018-03-06 18:59:39.000000000 +0100
+++ memcached-1.5.6/debian/changelog	2019-05-05 13:36:30.000000000 +0200
@@ -1,3 +1,11 @@
+memcached (1.5.6-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix NULL pointer dereference in the "lru mode" and "lru temp_ttl" commands
+    (CVE-2019-11596) (Closes: #928205)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 05 May 2019 13:36:30 +0200
+
 memcached (1.5.6-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch
--- memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch	1970-01-01 01:00:00.000000000 +0100
+++ memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch	2019-05-05 13:36:30.000000000 +0200
@@ -0,0 +1,38 @@
+From: dormando <dormando@rydia.net>
+Date: Sat, 27 Apr 2019 01:17:57 -0700
+Subject: fix segfault in "lru" command
+Origin: https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11596
+Bug-Debian: https://bugs.debian.org/928205
+Bug: https://github.com/memcached/memcached/issues/474
+
+fixes #474 - off by one in token count.
+---
+ memcached.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/memcached.c b/memcached.c
+index d64a83816ca6..7fd3e40e1155 100644
+--- a/memcached.c
++++ b/memcached.c
+@@ -4632,7 +4632,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
+                 out_string(c, "OK");
+             }
+         }
+-    } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 3 &&
++    } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 4 &&
+                settings.lru_maintainer_thread) {
+         if (strcmp(tokens[2].value, "flat") == 0) {
+             settings.lru_segmented = false;
+@@ -4643,7 +4643,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
+         } else {
+             out_string(c, "ERROR");
+         }
+-    } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 3 &&
++    } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 4 &&
+                settings.lru_maintainer_thread) {
+         if (!safe_strtol(tokens[2].value, &ttl)) {
+             out_string(c, "ERROR");
+-- 
+2.11.0
+
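Review bot: In both changed conditions of process_lru_command() the new bound `ntokens >= 4` is an unexplained magic number: the bodies read no further than `tokens[2].value`, and neither the code nor the commit message ("off by one in token count") says which entries ntokens counts beyond that index. A one-line comment above each branch stating what ntokens includes would keep the next edit from reintroducing the off-by-one. The diffstat also lists only memcached.c, so nothing exercises "lru mode" or "lru temp_ttl" sent without an argument; a regression test for those two inputs would be worth carrying with the fix. It would also help to confirm that a request rejected by the tightened guard ends in a branch that replies with an error, since the fall-through path is outside the visible context.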
diff -Nru memcached-1.5.6/debian/patches/series memcached-1.5.6/debian/patches/series
--- memcached-1.5.6/debian/patches/series	2017-09-20 21:09:46.000000000 +0200
+++ memcached-1.5.6/debian/patches/series	2019-05-05 13:36:30.000000000 +0200
@@ -2,3 +2,4 @@
 02_service_wrapper.patch
 04_add_init_retry.patch
 07_disable_tests.patch
+08_fix-segfault-in-lru-command.patch
