Control: tags 928205 + patch
Control: tags 928205 + pending

Dear maintainer,

I've prepared an NMU for memcached (versioned as 1.5.6-1.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru memcached-1.5.6/debian/changelog memcached-1.5.6/debian/changelog
--- memcached-1.5.6/debian/changelog	2018-03-06 18:59:39.000000000 +0100
+++ memcached-1.5.6/debian/changelog	2019-05-05 13:36:30.000000000 +0200
@@ -1,3 +1,11 @@
+memcached (1.5.6-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix NULL pointer dereference in the "lru mode" and "lru temp_ttl" commands
+    (CVE-2019-11596) (Closes: #928205)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Sun, 05 May 2019 13:36:30 +0200
+
 memcached (1.5.6-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch
--- memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch	1970-01-01 01:00:00.000000000 +0100
+++ memcached-1.5.6/debian/patches/08_fix-segfault-in-lru-command.patch	2019-05-05 13:36:30.000000000 +0200
@@ -0,0 +1,38 @@
+From: dormando <dorma...@rydia.net>
+Date: Sat, 27 Apr 2019 01:17:57 -0700
+Subject: fix segfault in "lru" command
+Origin: https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11596
+Bug-Debian: https://bugs.debian.org/928205
+Bug: https://github.com/memcached/memcached/issues/474
+
+fixes #474 - off by one in token count.
+---
+ memcached.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/memcached.c b/memcached.c
+index d64a83816ca6..7fd3e40e1155 100644
+--- a/memcached.c
++++ b/memcached.c
+@@ -4632,7 +4632,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
+                 out_string(c, "OK");
+             }
+         }
+-    } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 3 &&
++    } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 4 &&
+                settings.lru_maintainer_thread) {
+         if (strcmp(tokens[2].value, "flat") == 0) {
+             settings.lru_segmented = false;
+@@ -4643,7 +4643,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
+         } else {
+             out_string(c, "ERROR");
+         }
+-    } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 3 &&
++    } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 4 &&
+                settings.lru_maintainer_thread) {
+         if (!safe_strtol(tokens[2].value, &ttl)) {
+             out_string(c, "ERROR");
+-- 
+2.11.0
+
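Review bot: In both changed conditions the bound `ntokens >= 4` is tested after `strcmp(tokens[1].value, ...)` and carries no explanation, so a reader cannot tell from the code why 4 is the right count for a branch whose body reads `tokens[2].value`. I would put the count test first in each `&&` chain and add a one-line comment saying what `ntokens` counts, since the commit message's "off by one in token count" is the only rationale given. The diffstat also shows only `memcached.c` changed, so nothing exercises `lru mode` or `lru temp_ttl` sent without an argument; a regression test for those two inputs would keep the bound from drifting again.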
diff -Nru memcached-1.5.6/debian/patches/series memcached-1.5.6/debian/patches/series
--- memcached-1.5.6/debian/patches/series	2017-09-20 21:09:46.000000000 +0200
+++ memcached-1.5.6/debian/patches/series	2019-05-05 13:36:30.000000000 +0200
@@ -2,3 +2,4 @@
 02_service_wrapper.patch
 04_add_init_retry.patch
 07_disable_tests.patch
+08_fix-segfault-in-lru-command.patch
