[Merge] ~lucaskanashiro/ubuntu/+source/memcached:sync into ubuntu/+source/memcached:debian/sid
Lucas Kanashiro
kanashiro at riseup.net
Tue Nov 5 12:30:45 UTC 2019
Lucas Kanashiro has proposed merging ~lucaskanashiro/ubuntu/+source/memcached:sync into ubuntu/+source/memcached:debian/sid.
Requested reviews:
Canonical Server Core Reviewers (canonical-server-core-reviewers)
Ubuntu Server Developers (ubuntu-server-dev)
For more details, see:
https://code.launchpad.net/~lucaskanashiro/ubuntu/+source/memcached/+git/memcached/+merge/375147
The version 1.5.19-2 from Debian applied all the delta we carry, due to that this package should be sync'ed instead of merged. As proposed by Andreas this MP is just for review purpose. Below are the changes applied in this latest version present in our delta:
* SECURITY UPDATE: denial of service via crafted lru messages
- debian/patches/CVE-2019-11596.patch: fix off by one in token count in
memcached.c.
- CVE-2019-11596
* SECURITY UPDATE: stack-based buffer over-read
- debian/patches/CVE-2019-15026.patch: fix strncpy call to
avoid ASAN violation in memcached.c.
- CVE-2019-15026
* New upstream release.
* Includes fixes for various failures on various architectures,
including the fix for alignment issues on some ARM platforms for
chunked items (LP: #1780838).
--
Your team Ubuntu Server Developers is requested to review the proposed merge of ~lucaskanashiro/ubuntu/+source/memcached:sync into ubuntu/+source/memcached:debian/sid.
More information about the Ubuntu-reviews
mailing list