Your message dated Thu, 02 Jan 2014 13:47:31 +0000 with message-id <e1vyicv-00052g...@franck.debian.org> and subject line Bug#698231: fixed in memcached 1.4.5-1+deb6u1 has caused the Debian Bug report #698231, regarding memcached: CVE-2013-0179 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 698231: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698231 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: memcached Severity: grave Tags: security Justification: user security hole A minor security issue was found in memcached: http://www.openwall.com/lists/oss-security/2013/01/14/6 This doesn't warrant a DSA, but you could fix it through a point update. For Wheezy a minimal fix should be made instead of updating to a new upstream release. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: memcached Source-Version: 1.4.5-1+deb6u1 We believe that the bug you reported is fixed in the latest version of memcached, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 698...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated memcached package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Dec 2013 08:25:46 +0100 Source: memcached Binary: memcached Architecture: source amd64 Version: 1.4.5-1+deb6u1 Distribution: squeeze-security Urgency: high Maintainer: David MartÃnez Moreno <en...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: memcached - A high-performance memory object caching system Closes: 698231 706426 Changes: memcached (1.4.5-1+deb6u1) squeeze-security; urgency=high . * Non-maintainer upload by the Security Team. * Add 03_fix-buffer-overrun_when_logging_keys.patch patch. CVE-2013-0179: DoS due to buffer overrun when printing out keys to be deleted in verbose mode. (Closes: #698231) * Add 04_CVE-2011-4971.patch. CVE-2011-4971: Fix remote denial of service. Sending a specially crafted packet cause memcached to segfault. (Closes: #706426) Checksums-Sha1: b89af44ed7177f382fba9d751e8aef3c126f0f87 1712 memcached_1.4.5-1+deb6u1.dsc c7d6517764b82d23ae2de76b56c2494343c53f02 302516 memcached_1.4.5.orig.tar.gz 3c930d2b7a66b065ada9eb1c46c94c55f5090fde 10965 memcached_1.4.5-1+deb6u1.diff.gz 5eb9a5843333495a5c39fb6fb594a156d009cad9 76622 memcached_1.4.5-1+deb6u1_amd64.deb Checksums-Sha256: eff2417dde202b92c51d3f665c3bea6aa6441f7d1d19cc517e6ab250dbc13a3c 1712 memcached_1.4.5-1+deb6u1.dsc 9571b4b85484e46b3b10f07ccba77a1fa97d60660b32859f990effefb3005f91 302516 memcached_1.4.5.orig.tar.gz 05eff830d3f99d76feb247a2267197d71aa6a6e0b98383b1abf258592cf9b6d4 10965 memcached_1.4.5-1+deb6u1.diff.gz 8de46a28eea780382f1614060406cfe70c3c5d67462bdffd2066858b2528ac57 76622 memcached_1.4.5-1+deb6u1_amd64.deb Files: 4b062f67fa9868b325e3683136ff22ab 1712 web optional memcached_1.4.5-1+deb6u1.dsc 583441a25f937360624024f2881e5ea8 302516 web optional memcached_1.4.5.orig.tar.gz e9f22698a2d8950f3c8899d36ca4c025 10965 web optional memcached_1.4.5-1+deb6u1.diff.gz 0d466a9ee77d037abb5d8aef2a4e66ff 76622 web optional memcached_1.4.5-1+deb6u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBCgAGBQJSw8vBAAoJEAVMuPMTQ89EjZ8P/iXwKr1qpAuFEfijhmY5wpqH Jp4BWADkD1jS5zn9ixGGvmB+/oC3fJv0oTrEQZiSV2szhtl81sULkcW3NoL9fVBT KQFkmKLFDbQlSEd/JMu+4gYoHWjznHzDtS7YEcxBUwYYRcss/K8Jw6KoAbPbPKkp DN1OHEoZanT7NwAbs7gr0iqFGKbGEBBXF6hDj7xNS+6XwU6a+cWTtB9Ws9uBS0VW E9KTyz1V3sSUX5oN/Lwwo2NUnIemWonNQCzbO1XXhc2H3EXFYz06wPYuscXokPyb STnl0A6RmSs+QPkE0gAf60mDFwfa8z+4zWd4RdNn4iucp8cbfQ9c9uQ2PB2LT+I0 Ytp47LcNi9pLShJf9N/g8M8kwChewXy3pClMhBg+WLz/uHW/ahKcbY1HEl3MbIZB X55DTXrgk5MIxVpeQSVfcWXgAylSD1jf3N8zjnzxznyUz6l0oSISoEGtPADV7MZM 9mGEnws3qcfSfSa/fQlamrZ8TtyIpaFjvYS1urNQxKIoG6EH8mC1k5m9IBk+vT/j /2Ky9Y1GxKHIxXK8AYVYqZGu+fbritWECdfYQcOsifEUwKaMzspurgjKON8E2PMa XK2ebxuXLTlnBE+NzBJkW8leZeJOx+vO7MFCgiCW9BWVP6hXmMFWGSyrRzHAeks2 ZPtQjDi5iPu357mKuqzk =Qrke -----END PGP SIGNATURE-----
--- End Message ---
