Bug#706426: memcached: CVE-2011-4971: remote denial of service

2013-12-29 Thread Salvatore Bonaccorso
Control: tags -1 + patch Attached is proposed debdiff with upstream commit. The upload might be also a chance to fix the orig.tar.gz/native package issue. Regards, Salvatore diff -Nru memcached-1.4.13/debian/changelog memcached-1.4.13/debian/changelog --- memcached-1.4.13/debian/changelog 2013-

Bug#706426: memcached: CVE-2011-4971: remote denial of service

2013-04-29 Thread Henri Salo
Package: memcached Version: 1.4.5-1 Severity: important Tags: security memcached service crashes when sending specially crafted packet as reported in here https://code.google.com/p/memcached/issues/detail?id=i192 Mar 15, 2011. Upstream has not fixed this yet. PoC: 1) echo -en '\x80\x12\x00\x01\