Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker
Commits: 09e0545b by Antoine Beaupré at 2018-03-29T16:51:09-04:00 memcached: upstream contacted and has reproducer, claiming - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -93,11 +93,13 @@ libvorbis -- linux -- -memcached +memcached (anarcat) NOTE: The Wheezy version supports the ascii protocol but the specific NOTE: make_ascii_get_suffix function for the fix does not exist. Without a NOTE: reproducer I cannot decide whether this version is vulnerable or not. - NOTE: Upstream should be contacted. + NOTE: -- Markus Koschany 2018-03-23 22:56:23 +0100 + NOTE: reproducer in http://www.openwall.com/lists/oss-security/2018/03/08/7 + NOTE: -- anarcat Thu Mar 29 16:30:36 EDT 2018 -- mercurial (anarcat) NOTE: 20180315: The patch to CVE-2016-1000116 added in 2.2.2-4+deb7u5 makes @@ -106,7 +108,6 @@ mercurial (anarcat) NOTE: 20180315: You will also need to remove `tests/gpg/random_seed` in clean target. NOTE: 20180315: NOTE: 20180315: -- Chris Lamb <la...@debian.org> Thu, 15 Mar 2018 17:54:32 -0700 - -- ming (Hugo Lefeuvre) NOTE: 20180317: wip, currently working on it with upstream. Since I have to write all patches by myself, it might take a while. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09e0545bdc2e1061abca4ca83a17b087aa05d352 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09e0545bdc2e1061abca4ca83a17b087aa05d352 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits