commit memcached for openSUSE:Factory

h_root Fri, 08 Mar 2013 00:23:02 -0800

Hello community,

here is the log from the commit of package memcached for openSUSE:Factory 
checked in at 2013-03-08 09:22:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/memcached (Old)
 and      /work/SRC/openSUSE:Factory/.memcached.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "memcached", Maintainer is "mrueck...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:Factory/memcached/memcached.changes      2012-11-20 
13:09:27.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.memcached.new/memcached.changes 2013-03-08 
09:22:57.000000000 +0100
@@ -1,0 +2,7 @@
+Tue Jan 15 11:44:05 UTC 2013 - mrueck...@suse.de
+
+- added memcached-1.4.x_delete_verbose_mode_dos.patch (bnc#798458)
+  DoS when printing out keys to be deleted in verbose mode
+  Upstream bug 306 (CVE-2013-0179)
+
+-------------------------------------------------------------------

New:
----
  memcached-1.4.x_delete_verbose_mode_dos.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ memcached.spec ++++++
--- /var/tmp/diff_new_pack.r2Ljkl/_old  2013-03-08 09:22:59.000000000 +0100
+++ /var/tmp/diff_new_pack.r2Ljkl/_new  2013-03-08 09:22:59.000000000 +0100
@@ -52,6 +52,7 @@
 Patch0:         memcached-1.4.5.dif
 Patch1:         memcached-autofoo.patch
 Patch2:         memcached-use-endian_h.patch
+Patch3:         memcached-1.4.x_delete_verbose_mode_dos.patch
 #
 Summary:        A high-performance, distributed memory object caching system
 License:        BSD-3-Clause
@@ -77,6 +78,7 @@
 %patch0
 %patch1
 %patch2
+%patch3 -p1
 
 %build
 autoreconf -fiv

++++++ memcached-1.4.x_delete_verbose_mode_dos.patch ++++++
>From d711492c32626c0d7ba201791a681a5bffebcedf Mon Sep 17 00:00:00 2001
From: Jeremy Sowden <jeremy.sow...@gmail.com>
Date: Wed, 9 Jan 2013 15:43:41 +0000
Subject: [PATCH] Fix buffer-overrun when logging key to delete in binary
 protocol.


---
 memcached.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)


diff --git a/memcached.c b/memcached.c
index d157b4e..1fd87c9 100644
--- a/memcached.c
+++ b/memcached.c
@@ -2150,7 +2150,12 @@ static void process_bin_delete(conn *c) {
     assert(c != NULL);
 
     if (settings.verbose > 1) {
-        fprintf(stderr, "Deleting %s\n", key);
+        int ii;
+        fprintf(stderr, "Deleting ");
+        for (ii = 0; ii < nkey; ++ii) {
+            fprintf(stderr, "%c", key[ii]);
+        }
+        fprintf(stderr, "\n");
     }
 
     if (settings.detail_enabled) {
-- 
1.7.10.4
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit memcached for openSUSE:Factory

Reply via email to