Summary: | <net-misc/memcached-1.4.39: Heap-based buffer over-read in try_read_command function (incomplete fix for CVE-2016-8705) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | prometheanfire, robbat2 |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1471970 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
=net-misc/memcached-1.4.39
|
Runtime testing required: | No |
Description
Agostino Sarubbo
2017-07-18 08:08:19 UTC
It is ready for stablization, I'd target 1.4.39 and not 1.5.0 as 1.5.0 hasn't had much time. We'll need the following stablereqs though. alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 @arches, please stabilize. ia64 stable stable 1.4.39 for ppc/ppc64 Stable on amd64. arm stable x86 stable Stable on alpha. sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9 so I guess we are just waiting on hppa then? (In reply to Matthew Thode ( prometheanfire ) from comment #10) > so I guess we are just waiting on hppa then? Yes. commit 608512e3c86a80f941a9a9161a1af204035f6c1d Author: Rolf Eike Beer <eike@sf-mail.de> Date: Sat Jan 27 23:25:40 2018 +0100 net-misc/memcached: stable 1.4.39 for sparc, bug #625494 hppa, a ping? commit 722a44f9273423e6296ef04a1d8c259deea333f1 Author: Jeroen Roovers <jer@gentoo.org> Date: Tue Mar 13 17:07:34 2018 +0100 net-misc/memcached: Stable for HPPA too. |