Summary: | <net-misc/memcached-1.5.17: stack-based buffer over-read in conn_to_str in memcached.c (CVE-2019-15026) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | prometheanfire, robbat2 |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/memcached/memcached/wiki/ReleaseNotes1517 | ||
See Also: | https://github.com/gentoo/gentoo/pull/15111 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
net-misc/memcached-1.5.22
|
Runtime testing required: | --- |
Description
Sam James
2020-03-01 19:25:06 UTC
s390 stable sparc stable arm stable ppc stable ppc64 stable ia64 stable arm64 stable OK to cleanup? GLSA Vote: No! @ maintainer(s): Please cleanup and drop =net-misc/memcached-1.5.14! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5f0f9d418d0a9477f08abc736ad6c1b98867ea1 commit d5f0f9d418d0a9477f08abc736ad6c1b98867ea1 Author: Sam James (sam_c) <sam@cmpct.info> AuthorDate: 2020-03-25 16:27:25 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-25 21:22:36 +0000 net-misc/memcached: security cleanup (bug #711208) Bug: https://bugs.gentoo.org/711208 Signed-off-by: Sam James (sam_c) <sam@cmpct.info> Closes: https://github.com/gentoo/gentoo/pull/15111 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-misc/memcached/Manifest | 1 - net-misc/memcached/memcached-1.5.14.ebuild | 97 ------------------------------ 2 files changed, 98 deletions(-) Repository is clean, all done! CVE-2019-15026 (https://nvd.nist.gov/vuln/detail/CVE-2019-15026): memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. |