I haven't seen this mentioned on the mailing list... Is there a 1.2.9 in the works or should I just patch up my builds with the attached patch.
---------- Forwarded message ---------- From: <bugzi...@redhat.com> Date: Mon, Aug 10, 2009 at 12:54 AM Subject: [Bug 516489] CVE-2009-2415 memcached: heap-based buffer overflow To: lind...@inuus.com Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=516489 --- Comment #1 from Tomas Hoger <tho...@redhat.com> 2009-08-10 03:54:22 EDT --- Created an attachment (id=356858) --> (https://bugzilla.redhat.com/attachment.cgi?id=356858) Debian patch Patch extracted from Debian update for 1.2.2. Upstream fix for 1.2.8 should be this: http://consoleninja.net/code/memcached/memcached-1.2.8_proper_vlen_fix.patch -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
