Your message dated Sat, 05 Nov 2016 18:47:38 +0000 with message-id <e1c360a-0003ph...@fasolo.debian.org> and subject line Bug#842814: fixed in memcached 1.4.21-1.1+deb8u1 has caused the Debian Bug report #842814, regarding memcached: CVE-2016-8706 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 842814: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842814 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: memcached Version: 1.4.31-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for memcached. CVE-2016-8706[0]: |Memcached Server SASL Autentication Remote Code Execution |Vulnerability It is easily reproducible with the TALOS reproducer when memcached enabled SASL authentication and running under valgrind to see the crash. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-8706 [1] http://www.talosintelligence.com/reports/TALOS-2016-0221/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: memcached Source-Version: 1.4.21-1.1+deb8u1 We believe that the bug you reported is fixed in the latest version of memcached, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 842...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated memcached package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 01 Nov 2016 22:10:45 +0100 Source: memcached Binary: memcached Architecture: source Version: 1.4.21-1.1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: David MartÃnez Moreno <en...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 842811 842812 842814 Description: memcached - high-performance memory object caching system Changes: memcached (1.4.21-1.1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Add patch to fix various issues reported by the Cisco TALOS project. CVE-2016-8704: Server append/prepend remote code execution CVE-2016-8705: Server update remote code execution CVE-2016-8706: Server ASL authentication remote code execution (Closes: #842811, #842812, #842814) Checksums-Sha1: efff52441d258bd3ea40596db0091c195bd01cc4 2165 memcached_1.4.21-1.1+deb8u1.dsc ab10c46dd9f5d4401872d9670e575afa5bc7d66f 345892 memcached_1.4.21.orig.tar.gz 5443fd17f3e633c4e07acbdfc2cde417e7a88d32 15248 memcached_1.4.21-1.1+deb8u1.debian.tar.xz Checksums-Sha256: 182986df18d19b614f7f6ff67219a6a8652082c4aaa1ab0ac7a2c61be51ba9c6 2165 memcached_1.4.21-1.1+deb8u1.dsc 301ebe41c686fa5c0a8e39cdf49a32f21fcc9357358792216dfb315d16260e8d 345892 memcached_1.4.21.orig.tar.gz 3c257700595f8fdc0e0a93d69051b758484cf2b1c3373314a5426bf3cbbe2e17 15248 memcached_1.4.21-1.1+deb8u1.debian.tar.xz Files: ff01e6d85b7c6e035df325d45960950b 2165 web optional memcached_1.4.21-1.1+deb8u1.dsc 28e744a6ad14891443a582e7a8a62cdd 345892 web optional memcached_1.4.21.orig.tar.gz f28a6b6ec61301cbf053b9c71b5de55c 15248 web optional memcached_1.4.21-1.1+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKPBAEBCgB5BQJYGQYiXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw NTRDQjhGMzEzNDNDRjQ0EhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRFA8 D/9UvHNAjZL8x3GrR9xaafJAro7oDpScB+B9MyikceJwX7luHpGeQkg14OVmqjB8 1tMAF9QNXBj5DwcJR03iriIQ97se7Fi34QoHGdvCQ73AG7DabOIEMKxIhSbwpqfg Asn8wURTSuYjbKG7QVPyu67iNVi50rwFYtFXiYjR9eKrO3o18YLOTZWfS0A+qu1z Qtbscp9hJUf0VyJ8Kdxb/Oj4cLIZAuoqUFRpnYh72AxWyElgzHu2ICt8mCnnXGQd k4aBdVCECgbYfQlsMkcu01yn4oxomPh3K6wBm2X6GLYGeyyrRrP+xYfMPin603Rz Qfq+4165LY54IxLKzsfNVMFwX4maOLyXElcw/DhNCqIGVQZw5LNDyTJxT29Vxlyw YPkTy0XTs3u0ybaE2q2TNvuxnVfyhEaPRwLmZoke4gnNTvVfRzGzSfReBpRXYvyt XYfz1GLlfNXfEi48cuzY6+05pNIqNVSMTHqV46gPMcOveXJq9lbz/8p5ihfx7kZh zcUWdBcznZ20Qhuwkqk+OPox/5vHkjDUPO7FtHWKgk5U6iXWwpNIJGsnrvmt9KnC 7RRHTcyXFzLKv2Yk0ve+PDIiUAb8kJDunXQgMgpr3yUh0Q+J97rxi0kmGvx1tzaE /btg1jKzO9qhPpIE8Jj328g5ekCcfUt52c0G5Ga7CSt8OQ== =7lFk -----END PGP SIGNATURE-----
--- End Message ---
