Your message dated Sun, 09 Aug 2009 16:32:43 +0000
with message-id <e1mabk7-0008pb...@ries.debian.org>
and subject line Bug#540381: fixed in memcachedb 1.2.0-5
has caused the Debian Bug report #540381,
regarding memcached: CVE-2009-2415 heap-based buffer overflow in length processing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
540381: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540381
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: memcached
Version: 1.2.8-2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for memcached.

CVE-2009-2415[0]:
| Ronald Volgers discovered that memcached, a high-performance memory object
| caching system, is vulnerable to several heap-based buffer overflows due
| to integer conversions when parsing certain length attributes. An
| attacker can use this to execute arbitrary code on the system running
| memcached (on etch with root privileges).

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://lists.debian.org/debian-security-announce/2009/msg00169.html
    http://security-tracker.debian.net/tracker/CVE-2009-2415

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: memcachedb
Source-Version: 1.2.0-5

We believe that the bug you reported is fixed in the latest version of
memcachedb, which is due to be installed in the Debian FTP archive:

memcachedb_1.2.0-5.diff.gz
  to pool/main/m/memcachedb/memcachedb_1.2.0-5.diff.gz
memcachedb_1.2.0-5.dsc
  to pool/main/m/memcachedb/memcachedb_1.2.0-5.dsc
memcachedb_1.2.0-5_amd64.deb
  to pool/main/m/memcachedb/memcachedb_1.2.0-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 540...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arto Jantunen <vi...@debian.org> (supplier of updated memcachedb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 09 Aug 2009 18:47:25 +0300
Source: memcachedb
Binary: memcachedb
Architecture: source amd64
Version: 1.2.0-5
Distribution: unstable
Urgency: high
Maintainer: Arto Jantunen <vi...@debian.org>
Changed-By: Arto Jantunen <vi...@debian.org>
Description: 
 memcachedb - Persistent storage engine using the memcache protocol
Closes: 540381
Changes: 
 memcachedb (1.2.0-5) unstable; urgency=high
 .
   * Added patch 02_CVE-2009-2415 to fix a heap based buffer overflow
     02_CVE-2009-2415 (Closes: #540381)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKfvCGQ9/iJIjcFnoRAhtAAJ4iJ8GUwqaNxf/ZKMq387PX7f0JJwCeJyTC
RTKWRJu9lchqq37WtyacInw=
=6gL3
-----END PGP SIGNATURE-----



--- End Message ---
