"Stack based out-of-bounds memory read"
Quote from URL:
"... though given the nature of the bug, while it will trip ASAN, there's no way to exploit it and it only occurs over unix domain sockets. No data is copied past the end of any buffers. Still, we take this seriously and have repaired the offending code, just in case."
OK to clean up?
GLSA Vote: No!
@ maintainer(s): Please clean up and drop =net-misc/memcached-1.5.14!
The bug has been referenced in the following commit(s):
Author: Sam James (sam_c) <email@example.com>
AuthorDate: 2020-03-25 16:27:25 +0000
Commit: Thomas Deutschmann <firstname.lastname@example.org>
CommitDate: 2020-03-25 21:22:36 +0000
net-misc/memcached: security cleanup (bug #711208)
Signed-off-by: Sam James (sam_c) <email@example.com>
Signed-off-by: Thomas Deutschmann <firstname.lastname@example.org>
net-misc/memcached/Manifest | 1 -
net-misc/memcached/memcached-1.5.14.ebuild | 97 ------------------------------
2 files changed, 98 deletions(-)
Repository is clean, all done!
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer
over-read in conn_to_str in memcached.c.