tags 698231 + pending thanks Dear maintainer,
I've prepared an NMU for memcached (versioned as 1.4.13-0.2) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards, Salvatore
diff -Nru memcached-1.4.13/debian/changelog memcached-1.4.13/debian/changelog
--- memcached-1.4.13/debian/changelog 2012-05-08 19:25:25.000000000 +0200
+++ memcached-1.4.13/debian/changelog 2013-01-23 21:22:12.000000000 +0100
@@ -1,3 +1,12 @@
+memcached (1.4.13-0.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Add 05_fix-buffer-overrun_when_logging_keys.patch patch
+ [SECURITY] CVE-2013-0179: DoS due to buffer overrun when printing out keys
+ to be deleted in verbose mode. (Closes: #698231).
+
+ -- Salvatore Bonaccorso <car...@debian.org> Wed, 23 Jan 2013 21:22:09 +0100
+
 memcached (1.4.13-0.1) unstable; urgency=low
 
 * Non-maintainer upload.
diff -Nru memcached-1.4.13/debian/patches/05_fix-buffer-overrun_when_logging_keys.patch memcached-1.4.13/debian/patches/05_fix-buffer-overrun_when_logging_keys.patch
--- memcached-1.4.13/debian/patches/05_fix-buffer-overrun_when_logging_keys.patch 1970-01-01 01:00:00.000000000 +0100
+++ memcached-1.4.13/debian/patches/05_fix-buffer-overrun_when_logging_keys.patch 2013-01-22 23:26:51.000000000 +0100
@@ -0,0 +1,46 @@
+Description: [CVE-2013-0179] Fix buffer-overrun when logging keys
+Origin: vendor
+Bug: https://code.google.com/p/memcached/issues/detail?id=306
+Bug-Debian: http://bugs.debian.org/698231
+Forwarded: not-needed
+Author: Jeremy Sowden <jeremy.sow...@gmail.com>
+Author: Salvatore Bonaccorso <car...@debian.org>
+Last-Update: 2013-01-22
+--- a/memcached.c
++++ b/memcached.c
+@@ -2149,7 +2149,12 @@
+ assert(c != NULL);
+
+ if (settings.verbose > 1) {
+- fprintf(stderr, "Deleting %s\n", key);
++ int ii;
++ fprintf(stderr, "Deleting ");
++ for (ii = 0; ii < nkey; ++ii) {
++ fprintf(stderr, "%c", key[ii]);
++ }
++ fprintf(stderr, "\n");
+ }
+
+ if (settings.detail_enabled) {
+--- a/items.c
++++ b/items.c
+@@ -500,9 +500,17 @@
+
+ if (settings.verbose > 2) {
+ if (it == NULL) {
+- fprintf(stderr, "> NOT FOUND %s", key);
++ int ii;
++ fprintf(stderr, "> NOT FOUND ");
++ for (ii = 0; ii < nkey; ++ii) {
++ fprintf(stderr, "%c", key[ii]);
++ }
+ } else {
+- fprintf(stderr, "> FOUND KEY %s", ITEM_key(it));
++ int ii;
++ fprintf(stderr, "> FOUND KEY ");
++ for (ii = 0; ii < it->nkey; ++ii) {
++ fprintf(stderr, "%c", ITEM_key(it)[ii]);
++ }
+ was_found++;
+ }
+ }
diff -Nru memcached-1.4.13/debian/patches/series memcached-1.4.13/debian/patches/series
--- memcached-1.4.13/debian/patches/series 2012-05-08 17:58:58.000000000 +0200
+++ memcached-1.4.13/debian/patches/series 2013-01-20 15:51:34.000000000 +0100
@@ -2,3 +2,4 @@
 02_manpage_additions.patch
 03_fix_ftbfs4hurd.patch
 04_add_init_retry.patch
+05_fix-buffer-overrun_when_logging_keys.patch
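Review bot: The replacement loops in the added patch (memcached.c around line 2149 and both branches in items.c around line 500) call `fprintf(stderr, "%c", ...)` once per key byte, which bounds the read correctly but splits one log record into many separate writes; if more than one thread logs to stderr, those records can presumably interleave. A single length-bounded call keeps the fix and the record intact, e.g. `fprintf(stderr, "Deleting %.*s\n", (int)nkey, key);`, and likewise `"> NOT FOUND %.*s"` with `(int)nkey, key` and `"> FOUND KEY %.*s"` with `(int)it->nkey, ITEM_key(it)`. Either form still writes key bytes unfiltered, so a key containing newlines or terminal control bytes can forge or garble verbose log lines; escaping non-printable bytes before logging would close that. The enclosing functions start and end outside these hunks, so the types of `nkey` and `it->nkey` (compared against `int ii`) cannot be confirmed from here.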