Control: tags -1 + patch Attached is proposed debdiff with upstream commit. The upload might be also a chance to fix the orig.tar.gz/native package issue.
Regards, Salvatore
diff -Nru memcached-1.4.13/debian/changelog memcached-1.4.13/debian/changelog --- memcached-1.4.13/debian/changelog 2013-01-23 21:22:12.000000000 +0100 +++ memcached-1.4.13/debian/changelog 2013-12-29 21:53:17.000000000 +0100 @@ -1,3 +1,12 @@ +memcached (1.4.13-0.3) unstable; urgency=medium + + * Non-maintainer upload. + * Add 06_CVE-2011-4971.patch patch. + CVE-2011-4971: Fix remote denial of service: sending a specially + crafted packet cause memcached to segfault. (Closes: #706426) + + -- Salvatore Bonaccorso <car...@debian.org> Sun, 29 Dec 2013 21:53:11 +0100 + memcached (1.4.13-0.2) unstable; urgency=low * Non-maintainer upload. diff -Nru memcached-1.4.13/debian/patches/06_CVE-2011-4971.patch memcached-1.4.13/debian/patches/06_CVE-2011-4971.patch --- memcached-1.4.13/debian/patches/06_CVE-2011-4971.patch 1970-01-01 01:00:00.000000000 +0100 +++ memcached-1.4.13/debian/patches/06_CVE-2011-4971.patch 2013-12-29 21:51:33.000000000 +0100 @@ -0,0 +1,54 @@ +Description: Fix segfault on specially crafted packet + CVE-2011-4971: remote denial of service +Origin: upstream, http://github.com/memcached/memcached/commit/6695ccbc525c36d693aaa3e8337b36aa0c784424 +Bug: https://code.google.com/p/memcached/issues/detail?id=192 +Bug-Debian: http://bugs.debian.org/706426 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=957964 +Forwarded: not-needed +Author: Huzaifa Sidhpurwala <huzai...@redhat.com> +Reviewed-by: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2013-12-29 +Applied-Upstream: 1.4.16 + +--- a/memcached.c ++++ b/memcached.c +@@ -3874,6 +3874,16 @@ + complete_nread(c); + break; + } ++ ++ /* Check if rbytes < 0, to prevent crash */ ++ if (c->rlbytes < 0) { ++ if (settings.verbose) { ++ fprintf(stderr, "Invalid rlbytes to read: len %d\n", c->rlbytes); ++ } ++ conn_set_state(c, conn_closing); ++ break; ++ } ++ + /* first check if we have leftovers in the conn_read buffer */ + if (c->rbytes > 0) { + int tocopy = c->rbytes > c->rlbytes ? c->rlbytes : c->rbytes; +--- /dev/null ++++ b/t/issue_192.t +@@ -0,0 +1,20 @@ ++#!/usr/bin/perl ++ ++use strict; ++use Test::More tests => 2; ++use FindBin qw($Bin); ++use lib "$Bin/lib"; ++use MemcachedTest; ++ ++my $server = new_memcached(); ++my $sock = $server->sock; ++ ++ok($server->new_sock, "opened new socket"); ++ ++print $sock "\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; ++ ++sleep 0.5; ++ok($server->new_sock, "failed to open new socket"); ++ ++ ++ diff -Nru memcached-1.4.13/debian/patches/series memcached-1.4.13/debian/patches/series --- memcached-1.4.13/debian/patches/series 2013-01-20 15:51:34.000000000 +0100 +++ memcached-1.4.13/debian/patches/series 2013-12-29 17:57:52.000000000 +0100 @@ -3,3 +3,4 @@ 03_fix_ftbfs4hurd.patch 04_add_init_retry.patch 05_fix-buffer-overrun_when_logging_keys.patch +06_CVE-2011-4971.patch
