Bug#928474: marked as done (unblock: memcached/1.5.6-1.1)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 11 May 2019 18:21:54 +0100
with message-id <20190511172154.GA10340@powdarrmonkey.net>
and subject line Re: Bug#928474: (semi-preapproval) unblock: memcached/1.5.6-1.1
has caused the Debian Bug report #928474,
regarding unblock: memcached/1.5.6-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
928474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928474
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: (semi-preapproval) unblock: memcached/1.5.6-1.1
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Sun, 05 May 2019 15:38:05 +0200
• Message-id: <[🔎] 155706348543.899.15065108828045571290.reportbug@lorien.valinor.li>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

Please unblock package memcached, though it is not yet uploaded to
unstable and only in the DELAYED/5 queue.

The upload fixes a NULL pointer dereference issue with  the "lru mode"
and "lru temp_ttl" commands, this was CVE-2019-11596 and tracked as
#928205. 

Attached is the debdiff between the version in testing and the NMU
upload.

unblock memcached/1.5.6-1.1

Regards,
Salvatore

diff -Nru memcached-1.5.6/debian/changelog memcached-1.5.6/debian/changelog
--- memcached-1.5.6/debian/changelog	2018-03-06 18:59:39.000000000 +0100
+++ memcached-1.5.6/debian/changelog	2019-05-05 13:36:30.000000000 +0200
@@ -1,3 +1,11 @@
+memcached (1.5.6-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix NULL pointer dereference in the "lru mode" and "lru temp_ttl" commands
+    (CVE-2019-11596) (Closes: #928205)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 05 May 2019 13:36:30 +0200
+
 memcached (1.5.6-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch
--- memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch	1970-01-01 01:00:00.000000000 +0100
+++ memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch	2019-05-05 13:36:30.000000000 +0200
@@ -0,0 +1,38 @@
+From: dormando <dormando@rydia.net>
+Date: Sat, 27 Apr 2019 01:17:57 -0700
+Subject: fix segfault in "lru" command
+Origin: https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11596
+Bug-Debian: https://bugs.debian.org/928205
+Bug: https://github.com/memcached/memcached/issues/474
+
+fixes #474 - off by one in token count.
+---
+ memcached.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/memcached.c b/memcached.c
+index d64a83816ca6..7fd3e40e1155 100644
+--- a/memcached.c
++++ b/memcached.c
+@@ -4632,7 +4632,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
+                 out_string(c, "OK");
+             }
+         }
+-    } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 3 &&
++    } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 4 &&
+                settings.lru_maintainer_thread) {
+         if (strcmp(tokens[2].value, "flat") == 0) {
+             settings.lru_segmented = false;
+@@ -4643,7 +4643,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
+         } else {
+             out_string(c, "ERROR");
+         }
+-    } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 3 &&
++    } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 4 &&
+                settings.lru_maintainer_thread) {
+         if (!safe_strtol(tokens[2].value, &ttl)) {
+             out_string(c, "ERROR");
+-- 
+2.11.0
+
diff -Nru memcached-1.5.6/debian/patches/series memcached-1.5.6/debian/patches/series
--- memcached-1.5.6/debian/patches/series	2017-09-20 21:09:46.000000000 +0200
+++ memcached-1.5.6/debian/patches/series	2019-05-05 13:36:30.000000000 +0200
@@ -2,3 +2,4 @@
 02_service_wrapper.patch
 04_add_init_retry.patch
 07_disable_tests.patch
+08_fix-segfault-in-lru-command.patch

--- End Message ---

--- Begin Message ---

• To: Salvatore Bonaccorso <carnil@debian.org>, 928474-done@bugs.debian.org
• Subject: Re: Bug#928474: (semi-preapproval) unblock: memcached/1.5.6-1.1
• From: Jonathan Wiltshire <jmw@debian.org>
• Date: Sat, 11 May 2019 18:21:54 +0100
• Message-id: <20190511172154.GA10340@powdarrmonkey.net>
• In-reply-to: <[🔎] 155706348543.899.15065108828045571290.reportbug@lorien.valinor.li>
• References: <[🔎] 155706348543.899.15065108828045571290.reportbug@lorien.valinor.li>

On Sun, May 05, 2019 at 03:38:05PM +0200, Salvatore Bonaccorso wrote:
> Please unblock package memcached, though it is not yet uploaded to
> unstable and only in the DELAYED/5 queue.

Unblocked; thanks.

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

--- End Message ---