Package: memcachedb
Version: 1.2.0-2
Severity: normal
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for memcachedb.

CVE-2009-1255[0]:
| The process_stat function in (1) Memcached before 1.2.8 and (2)
| MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in
| response to a stats maps command and (b) memory-allocation statistics
| in response to a stats malloc command, which allows remote attackers
| to obtain sensitive information such as the locations of memory
| regions, and defeat ASLR protection, by sending a command to the
| daemon's TCP port.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1255
    http://security-tracker.debian.net/tracker/CVE-2009-1255

A patch can be found here [1] and here [2]

[1] http://groups.google.com/group/memcachedb/browse_thread/thread/96feaca076fc233c
[2] http://www.securityfocus.com/archive/1/archive/1/503064/100/0/threaded

luciano
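
Added example, not part of the original report and not code from memcached or MemcacheDB: a check an administrator can run against their own daemon after upgrading, to confirm that a `stats maps` reply no longer contains /proc/self/maps rows. The function names, the reply terminators the probe waits for, and both sample replies are assumptions constructed for illustration.

```python
import re
import socket

# One row of Linux /proc/self/maps: start-end perms offset dev inode [name]
MAPS_ROW = re.compile(
    rb"^[0-9a-f]+-[0-9a-f]+ ([r-][w-][x-][ps]) [0-9a-f]+ "
    rb"[0-9a-f]+:[0-9a-f]+ \d+[ \t]*(.*)$"
)

def leaked_regions(reply: bytes) -> list[tuple[str, str]]:
    """Return (permissions, mapping name) for every maps row in a reply."""
    found = []
    for line in reply.split(b"\n"):
        m = MAPS_ROW.match(line.rstrip(b"\r"))
        if m:
            name = m.group(2).decode(errors="replace") or "[anonymous]"
            found.append((m.group(1).decode(), name))
    return found

def probe(host: str, port: int, timeout: float = 3.0, limit: int = 1 << 20) -> bytes:
    """Send `stats maps` to a daemon you administer; return the raw reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"stats maps\r\n")
        try:
            # Assumed terminators; the timeout and size cap cover other cases.
            while len(data) < limit and not data.endswith((b"END\r\n", b"ERROR\r\n")):
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass  # daemon went quiet; classify whatever arrived
    return data

# Constructed sample replies (not captured from a real host).
LEAKING_REPLY = (
    b"08048000-08056000 r-xp 00000000 08:01 1234567    /usr/bin/memcachedb\n"
    b"b7e00000-b7e21000 rw-p 00000000 00:00 0 \n"
    b"bf8a1000-bf8b6000 rw-p 00000000 00:00 0          [stack]\n"
    b"END\r\n"
)
CLEAN_REPLY = b"ERROR\r\n"  # any reply without maps rows classifies as clean

if __name__ == "__main__":
    for label, reply in (("leaking", LEAKING_REPLY), ("clean", CLEAN_REPLY)):
        rows = leaked_regions(reply)
        print(label, "DISCLOSES" if rows else "ok", rows)
```

On a live check, pass the output of `probe(host, port)` to `leaked_regions()`; a non-empty result means the daemon still serves the maps contents described in the CVE text.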