Hello community, here is the log from the commit of package memcached for openSUSE:Factory checked in at 2013-03-08 09:22:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/memcached (Old) and /work/SRC/openSUSE:Factory/.memcached.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "memcached", Maintainer is "mrueck...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/memcached/memcached.changes 2012-11-20 13:09:27.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.memcached.new/memcached.changes 2013-03-08 09:22:57.000000000 +0100 @@ -1,0 +2,7 @@ +Tue Jan 15 11:44:05 UTC 2013 - mrueck...@suse.de + +- added memcached-1.4.x_delete_verbose_mode_dos.patch (bnc#798458) + DoS when printing out keys to be deleted in verbose mode + Upstream bug 306 (CVE-2013-0179) + +------------------------------------------------------------------- New: ---- memcached-1.4.x_delete_verbose_mode_dos.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ memcached.spec ++++++ --- /var/tmp/diff_new_pack.r2Ljkl/_old 2013-03-08 09:22:59.000000000 +0100 +++ /var/tmp/diff_new_pack.r2Ljkl/_new 2013-03-08 09:22:59.000000000 +0100 @@ -52,6 +52,7 @@ Patch0: memcached-1.4.5.dif Patch1: memcached-autofoo.patch Patch2: memcached-use-endian_h.patch +Patch3: memcached-1.4.x_delete_verbose_mode_dos.patch # Summary: A high-performance, distributed memory object caching system License: BSD-3-Clause @@ -77,6 +78,7 @@ %patch0 %patch1 %patch2 +%patch3 -p1 %build autoreconf -fiv ++++++ memcached-1.4.x_delete_verbose_mode_dos.patch ++++++ >From d711492c32626c0d7ba201791a681a5bffebcedf Mon Sep 17 00:00:00 2001 From: Jeremy Sowden <jeremy.sow...@gmail.com> Date: Wed, 9 Jan 2013 15:43:41 +0000 Subject: [PATCH] Fix buffer-overrun when logging key to delete in binary protocol. --- memcached.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/memcached.c b/memcached.c index d157b4e..1fd87c9 100644 --- a/memcached.c +++ b/memcached.c @@ -2150,7 +2150,12 @@ static void process_bin_delete(conn *c) { assert(c != NULL); if (settings.verbose > 1) { - fprintf(stderr, "Deleting %s\n", key); + int ii; + fprintf(stderr, "Deleting "); + for (ii = 0; ii < nkey; ++ii) { + fprintf(stderr, "%c", key[ii]); + } + fprintf(stderr, "\n"); } if (settings.detail_enabled) { -- 1.7.10.4 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org