[ubuntu/trusty-proposed] memcached 1.4.14-0ubuntu9 (Accepted)

[Marc Deslauriers]

memcached (1.4.14-0ubuntu9) trusty; urgency=low

  * SECURITY UPDATE: denial of service via large body length
    - debian/patches/CVE-2011-4971.patch: check length in memcached.c,
      added test to t/issue_192.t.
    - CVE-2011-4971
  * SECURITY UPDATE: denial of service when using -vv
    - debian/patches/CVE-2013-0179.patch: properly format key in items.c,
      memcached.c.
    - CVE-2013-0179
  * SECURITY UPDATE: SASL authentication bypass
    - debian/patches/CVE-2013-7239.patch: explicitly record sasl auth
      states in memcached.*, added test to t/binary-sasl.t.
    - CVE-2013-7239
  * debian/memcached.postinst: don't create home directory so we don't end
    up with /nonexistent. Thanks to Dustin Lundquist for patch.
    (LP: #1255328)

Date: Mon, 13 Jan 2014 15:48:48 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/memcached/1.4.14-0ubuntu9
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 13 Jan 2014 15:48:48 -0500
Source: memcached
Binary: memcached
Architecture: source
Version: 1.4.14-0ubuntu9
Distribution: trusty
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 memcached  - A high-performance memory object caching system
Launchpad-Bugs-Fixed: 1255328
Changes: 
 memcached (1.4.14-0ubuntu9) trusty; urgency=low
 .
   * SECURITY UPDATE: denial of service via large body length
     - debian/patches/CVE-2011-4971.patch: check length in memcached.c,
       added test to t/issue_192.t.
     - CVE-2011-4971
   * SECURITY UPDATE: denial of service when using -vv
     - debian/patches/CVE-2013-0179.patch: properly format key in items.c,
       memcached.c.
     - CVE-2013-0179
   * SECURITY UPDATE: SASL authentication bypass
     - debian/patches/CVE-2013-7239.patch: explicitly record sasl auth
       states in memcached.*, added test to t/binary-sasl.t.
     - CVE-2013-7239
   * debian/memcached.postinst: don't create home directory so we don't end
     up with /nonexistent. Thanks to Dustin Lundquist for patch.
     (LP: #1255328)
Checksums-Sha1: 
 139313788243a0d2523a6d7014aca1ea370f34bb 1913 memcached_1.4.14-0ubuntu9.dsc
 10ed839e6572e3b1d562673032059bae2f5bfe91 30930 memcached_1.4.14-0ubuntu9.diff.gz
Checksums-Sha256: 
 c5707589c616272d6f8914d21cb5ab2f4b1f7533a316551925d6064c4c39b806 1913 memcached_1.4.14-0ubuntu9.dsc
 a0029946d5a09ecd9795fb94547947237f52f29c9f6acd444eb295bb72c7b38c 30930 memcached_1.4.14-0ubuntu9.diff.gz
Files: 
 70849a51323a8e225ffb28314f76cffa 1913 web optional memcached_1.4.14-0ubuntu9.dsc
 2f6f9f388f0914d3471b90a18b8a2b40 30930 web optional memcached_1.4.14-0ubuntu9.diff.gz
Original-Maintainer: David Martínez Moreno <ender at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCgAGBQJS1FdbAAoJEGVp2FWnRL6Twd0QAKxLYIdloDO8jBWtEjHqJuxp
JI6BAeVBsPjVHkTeKIaKg5dBvvHyVBY4SJeYh2YHul53Ah2BU1EopWAD0M/poM5C
CF1lgjQmtuQCaoTdBbP36UsQBGnoLMV31mc5qbkTuBmrdQ2sXkzgWKQxfD6qRoNB
KlFvBGMrHg0RypF+2qEoHb6ORO5UUE9mX6Vbv93UJHqtfZhbk2ALzi0vCZKMyQjz
kJ2FrXFLbD/HB2pvhYBnXlBI2jpedxfqmd1nBM765E8HxZXmmIFMPUJyjEhbzRAO
YVW9XHAXPqjxBeVkSfVZ/2h1rJgkuLyABVLJx5nYKsC0IF2GOlivMeZ0hkGqm8ep
3ojCTTSOeCV98H/zomdZTLs+Kvwq6vZM0QMCttipTs5+TriHk1Y6pIG+4p8Bl+aO
rN7Bjl6hhAL1dipfQYmmWLIS2Vpm7vLksdzYbjwNL92IOBbsNM84ShNAJXeJnI46
xttGI7taPEWfLZG9YWMrV3bEPJOQp/V4qNZOLy4cOeD0UWoYZNSgKzWVer6L11wc
Q9EHIYbfsteO3N8vnYR1pI9QvhyT+OJDMlH8MTpczdxDiXOP/UijIZ2b0cnJLCjA
tRqLvwRIRp8TKc5CxDyTfwRVIfMxYZVajXZYgyUq7pswCOf2uLlRtdG3V9bx3M9I
UvZkS3gLXcRPVN0yxwf8
=/hY5
-----END PGP SIGNATURE-----