Summary: | <net-misc/memcached-1.4.39: integer overflow in items.c:item_free() (CVE-2018-1000127) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | prometheanfire, robbat2 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2018-08-05 22:56:14 UTC
@ Maintainer(s): Please cleanup and drop vulnerable version =net-misc/memcached-1.4.33! sure that's the correct CVE? seems like we are adding another digit every year The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c98a5717c9b92ec1cf9921dd5f8065791dffff89 commit c98a5717c9b92ec1cf9921dd5f8065791dffff89 Author: Matthew Thode <prometheanfire@gentoo.org> AuthorDate: 2018-08-06 16:19:46 +0000 Commit: Matthew Thode <prometheanfire@gentoo.org> CommitDate: 2018-08-06 16:20:03 +0000 net-misc/memcached: remove old for CVE-2018-1000127 Bug: https://bugs.gentoo.org/662888 Package-Manager: Portage-2.3.43, Repoman-2.3.10 net-misc/memcached/Manifest | 5 -- net-misc/memcached/memcached-1.4.33.ebuild | 83 -------------------------- net-misc/memcached/memcached-1.5.5.ebuild | 95 ------------------------------ net-misc/memcached/memcached-1.5.6.ebuild | 95 ------------------------------ net-misc/memcached/memcached-1.5.7.ebuild | 95 ------------------------------ net-misc/memcached/memcached-1.5.8.ebuild | 95 ------------------------------ 6 files changed, 468 deletions(-) GLSA vote: No |