Your message dated Sun, 09 Aug 2009 16:32:43 +0000
with message-id <e1mabk7-0008pb...@ries.debian.org>
and subject line Bug#540381: fixed in memcachedb 1.2.0-5
has caused the Debian Bug report #540381,
regarding memcached: CVE-2009-2415 heap-based buffer overflow in length processing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
540381: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540381
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: memcached
Version: 1.2.8-2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for memcached.

CVE-2009-2415[0]:
| Ronald Volgers discovered that memcached, a high-performance memory object
| caching system, is vulnerable to several heap-based buffer overflows due
| to integer conversions when parsing certain length attributes. An
| attacker can use this to execute arbitrary code on the system running
| memcached (on etch with root privileges).

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://lists.debian.org/debian-security-announce/2009/msg00169.html
    http://security-tracker.debian.net/tracker/CVE-2009-2415

--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: memcachedb
Source-Version: 1.2.0-5

We believe that the bug you reported is fixed in the latest version of
memcachedb, which is due to be installed in the Debian FTP archive:

memcachedb_1.2.0-5.diff.gz
  to pool/main/m/memcachedb/memcachedb_1.2.0-5.diff.gz
memcachedb_1.2.0-5.dsc
  to pool/main/m/memcachedb/memcachedb_1.2.0-5.dsc
memcachedb_1.2.0-5_amd64.deb
  to pool/main/m/memcachedb/memcachedb_1.2.0-5_amd64.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 540...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arto Jantunen <vi...@debian.org> (supplier of updated memcachedb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)

Format: 1.8
Date: Sun, 09 Aug 2009 18:47:25 +0300
Source: memcachedb
Binary: memcachedb
Architecture: source amd64
Version: 1.2.0-5
Distribution: unstable
Urgency: high
Maintainer: Arto Jantunen <vi...@debian.org>
Changed-By: Arto Jantunen <vi...@debian.org>
Description:
 memcachedb - Persistent storage engine using the memcache protocol
Closes: 540381
Changes:
 memcachedb (1.2.0-5) unstable; urgency=high
 .
   * Added patch 02_CVE-2009-2415 to fix a heap based buffer overflow
     02_CVE-2009-2415 (Closes: #540381)
--- End Message ---
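
Added example, not part of the messages above and not code from memcached, memcachedb or the 02_CVE-2009-2415 patch: a sketch of the bug class the CVE text names (an integer conversion while parsing a length token) next to a range-checked parser. The function names, the MAX_VALUE_LEN cap and the 2-byte "\r\n" trailer are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_VALUE_LEN (1024L * 1024L) /* assumed cap for this example */

/* Unchecked pattern, for contrast: a signed conversion with no range test.
 * "-1" yields -1, so a later "len + 2" sizes a 1-byte buffer while the
 * same value read as unsigned is enormous. */
static int parse_len_unchecked(const char *tok) {
    return (int)strtol(tok, NULL, 10);
}

/* Hardened: returns 0 and stores the length, or -1 unless the token is a
 * plain decimal number in [0, MAX_VALUE_LEN]. */
static int parse_len_checked(const char *tok, size_t *out) {
    char *end;
    long v;
    if (tok == NULL || *tok < '0' || *tok > '9')
        return -1;            /* rejects "", "-1", "+5", leading blanks */
    errno = 0;
    v = strtol(tok, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;            /* out of range for long, or trailing junk */
    if (v > MAX_VALUE_LEN)
        return -1;
    *out = (size_t)v;
    return 0;
}

/* Allocate the value plus a 2-byte "\r\n" trailer; NULL on a bad length. */
static char *alloc_value(const char *len_tok, size_t *total) {
    size_t n;
    if (parse_len_checked(len_tok, &n) != 0)
        return NULL;
    *total = n + 2;           /* cannot wrap: n <= MAX_VALUE_LEN */
    return calloc(1, *total);
}

int main(void) {
    /* Constructed sample tokens, not taken from any real traffic. */
    const char *samples[] = { "5", "-1", "99999999999999999999", "12abc" };
    size_t i, total;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *buf = alloc_value(samples[i], &total);
        printf("%-22s -> %s (unchecked int: %d)\n", samples[i],
               buf ? "accepted" : "rejected", parse_len_unchecked(samples[i]));
        free(buf);
    }
    return 0;
}
```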