Hi Arno On Sat, Jan 19, 2013 at 03:21:39PM +0100, Arno Töll wrote: > looking at the current upload history, I don't think the current > maintainer will prepare a patch for s-p-u. Salvatore, given you asked > yesterday: Are you working on this? > > If nobody steps in, I'll NMU the version in unstable at very least, > although I cannot promise this will happen within the next 1-2 days.
The patch in the bugreport applies, and the reporducer shows then the correct behaviour. But I noticed that the reporter followed up on the bugreport mentioned another instance of the problem[1]. [1]: https://code.google.com/p/memcached/issues/detail?id=306#c6 As you did last NMU's if you want to take over, I would happily hand it over :) The only thing is if Release Team is happy with it to have it updated as it is (i.e. native Debian package). Regards, Salvatore
diff -Nru memcached-1.4.13/debian/changelog memcached-1.4.13/debian/changelog --- memcached-1.4.13/debian/changelog 2012-05-08 19:25:25.000000000 +0200 +++ memcached-1.4.13/debian/changelog 2013-01-19 15:53:51.000000000 +0100 @@ -1,3 +1,12 @@ +memcached (1.4.13-0.2) unstable; urgency=low + + * Non-maintainer upload. + * Add 0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch + [SECURITY] CVE-2013-0179: DoS due to buffer overrun when printing out keys + to be deleted in verbose mode. (Closes: #698231). + + -- Salvatore Bonaccorso <car...@debian.org> Sat, 19 Jan 2013 15:53:47 +0100 + memcached (1.4.13-0.1) unstable; urgency=low * Non-maintainer upload. diff -Nru memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch --- memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch 1970-01-01 01:00:00.000000000 +0100 +++ memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch 2013-01-19 15:52:02.000000000 +0100 @@ -0,0 +1,26 @@ +From d711492c32626c0d7ba201791a681a5bffebcedf Mon Sep 17 00:00:00 2001 +From: Jeremy Sowden <jeremy.sow...@gmail.com> +Date: Wed, 9 Jan 2013 15:43:41 +0000 +Subject: [PATCH] Fix buffer-overrun when logging key to delete in binary + protocol. + +--- + memcached.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/memcached.c ++++ b/memcached.c +@@ -2149,7 +2149,12 @@ + assert(c != NULL); + + if (settings.verbose > 1) { +- fprintf(stderr, "Deleting %s\n", key); ++ int ii; ++ fprintf(stderr, "Deleting "); ++ for (ii = 0; ii < nkey; ++ii) { ++ fprintf(stderr, "%c", key[ii]); ++ } ++ fprintf(stderr, "\n"); + } + + if (settings.detail_enabled) { diff -Nru memcached-1.4.13/debian/patches/series memcached-1.4.13/debian/patches/series --- memcached-1.4.13/debian/patches/series 2012-05-08 17:58:58.000000000 +0200 +++ memcached-1.4.13/debian/patches/series 2013-01-19 15:51:55.000000000 +0100 @@ -2,3 +2,4 @@ 02_manpage_additions.patch 03_fix_ftbfs4hurd.patch 04_add_init_retry.patch +0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch