Ehh fine. I guess I'll cut a 1.2.9.

It'll contain this single patch and there won't be a lot of fanfare to it.
I'll get this out ASAP.

This bug is definitely not serious, and anyone claiming it as a root hole
should be strangled. Please don't run this thing as root in a place where
people can put whatever random trash they want into the system.

The only reason why we consider this a notable bug is due to the potential
for deliberate memory corruption. There are still many ways to DoS
memcached if you have full and unfettered access to it.

-Dormando

On Tue, 11 Aug 2009, Paul Lindner wrote:

> I haven't seen this mentioned on the mailing list...  Is there a 1.2.9 in
> the works or should I just patch up my builds with the attached patch?
>
> ---------- Forwarded message ----------
> From: <bugzi...@redhat.com>
> Date: Mon, Aug 10, 2009 at 12:54 AM
> Subject: [Bug 516489] CVE-2009-2415 memcached: heap-based buffer overflow
> To: lind...@inuus.com
>
>
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=516489
>
> --- Comment #1 from Tomas Hoger <tho...@redhat.com>  2009-08-10 03:54:22 EDT ---
> Created an attachment (id=356858)
>  --> (https://bugzilla.redhat.com/attachment.cgi?id=356858)
> Debian patch
>
> Patch extracted from Debian update for 1.2.2.
>
> Upstream fix for 1.2.8 should be this:
>
> http://consoleninja.net/code/memcached/memcached-1.2.8_proper_vlen_fix.patch
>
> --
> Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
> ------- You are receiving this mail because: -------
> You are on the CC list for the bug.
>
