Hi Arno
On Sat, Jan 19, 2013 at 03:21:39PM +0100, Arno Töll wrote:
> looking at the current upload history, I don't think the current
> maintainer will prepare a patch for s-p-u. Salvatore, given you asked
> yesterday: Are you working on this?
>
> If nobody steps in, I'll NMU the version in unstable at very least,
> although I cannot promise this will happen within the next 1-2 days.
The patch in the bugreport applies, and the reporducer shows then the
correct behaviour. But I noticed that the reporter followed up on the
bugreport mentioned another instance of the problem[1].
[1]: https://code.google.com/p/memcached/issues/detail?id=306#c6
As you did last NMU's if you want to take over, I would happily hand
it over :)
The only thing is if Release Team is happy with it to have it updated
as it is (i.e. native Debian package).
Regards,
Salvatore
diff -Nru memcached-1.4.13/debian/changelog memcached-1.4.13/debian/changelog
--- memcached-1.4.13/debian/changelog 2012-05-08 19:25:25.000000000 +0200
+++ memcached-1.4.13/debian/changelog 2013-01-19 15:53:51.000000000 +0100
@@ -1,3 +1,12 @@
+memcached (1.4.13-0.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Add 0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
+ [SECURITY] CVE-2013-0179: DoS due to buffer overrun when printing out keys
+ to be deleted in verbose mode. (Closes: #698231).
+
+ -- Salvatore Bonaccorso <car...@debian.org> Sat, 19 Jan 2013 15:53:47 +0100
+
memcached (1.4.13-0.1) unstable; urgency=low
* Non-maintainer upload.
diff -Nru
memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
---
memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
1970-01-01 01:00:00.000000000 +0100
+++
memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
2013-01-19 15:52:02.000000000 +0100
@@ -0,0 +1,26 @@
+From d711492c32626c0d7ba201791a681a5bffebcedf Mon Sep 17 00:00:00 2001
+From: Jeremy Sowden <jeremy.sow...@gmail.com>
+Date: Wed, 9 Jan 2013 15:43:41 +0000
+Subject: [PATCH] Fix buffer-overrun when logging key to delete in binary
+ protocol.
+
+---
+ memcached.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/memcached.c
++++ b/memcached.c
+@@ -2149,7 +2149,12 @@
+ assert(c != NULL);
+
+ if (settings.verbose > 1) {
+- fprintf(stderr, "Deleting %s\n", key);
++ int ii;
++ fprintf(stderr, "Deleting ");
++ for (ii = 0; ii < nkey; ++ii) {
++ fprintf(stderr, "%c", key[ii]);
++ }
++ fprintf(stderr, "\n");
+ }
+
+ if (settings.detail_enabled) {
diff -Nru memcached-1.4.13/debian/patches/series
memcached-1.4.13/debian/patches/series
--- memcached-1.4.13/debian/patches/series 2012-05-08 17:58:58.000000000
+0200
+++ memcached-1.4.13/debian/patches/series 2013-01-19 15:51:55.000000000
+0100
@@ -2,3 +2,4 @@
02_manpage_additions.patch
03_fix_ftbfs4hurd.patch
04_add_init_retry.patch
+0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
