[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] memcached: upstream contacted and has reproducer, claiming

Antoine Beaupré anarcat at debian.org
Thu Mar 29 20:56:51 UTC 2018 

Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09e0545b by Antoine Beaupré at 2018-03-29T16:51:09-04:00
memcached: upstream contacted and has reproducer, claiming

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -93,11 +93,13 @@ libvorbis
 --
 linux
 --
-memcached
+memcached (anarcat)
   NOTE: The Wheezy version supports the ascii protocol but the specific
   NOTE: make_ascii_get_suffix function for the fix does not exist. Without a
   NOTE: reproducer I cannot decide whether this version is vulnerable or not.
-  NOTE: Upstream should be contacted.
+  NOTE: -- Markus Koschany 2018-03-23 22:56:23 +0100
+  NOTE: reproducer in http://www.openwall.com/lists/oss-security/2018/03/08/7
+  NOTE: -- anarcat Thu Mar 29 16:30:36 EDT 2018
 --
 mercurial (anarcat)
   NOTE: 20180315: The patch to CVE-2016-1000116 added in 2.2.2-4+deb7u5 makes
@@ -106,7 +108,6 @@ mercurial (anarcat)
   NOTE: 20180315: You will also need to remove `tests/gpg/random_seed` in clean target.
   NOTE: 20180315:
   NOTE: 20180315:    -- Chris Lamb <lamby at debian.org>  Thu, 15 Mar 2018 17:54:32 -0700
-  
 --
 ming (Hugo Lefeuvre)
   NOTE: 20180317: wip, currently working on it with upstream. Since I have to write all patches by myself, it might take a while.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09e0545bdc2e1061abca4ca83a17b087aa05d352

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09e0545bdc2e1061abca4ca83a17b087aa05d352
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180329/53672cf0/attachment-0001.html>

More information about the Secure-testing-commits mailing list