-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 21 May 2026 13:14:29 -0700 Source: memcached Built-For-Profiles: nocheck Architecture: source Version: 1.6.42-1 Distribution: unstable Urgency: high Maintainer: Chris Lamb <lamby@debian.org> Changed-By: Chris Lamb <lamby@debian.org> Closes: 1137214 Changes: memcached (1.6.42-1) unstable; urgency=high . * New upstream release. (Closes: #1137214) <https://github.com/memcached/memcached/wiki/ReleaseNotes1642> . - CVE-2026-47783: Username data for SASL password database authentication had a timing side-channel vulnerability, because a loop exits as soon as a valid username is found by the sasl_server_userdb_checkpass method. . - CVE-2026-47784: Password data for SASL password database authentication had a timing side-channel attack, because memcmp is used by the sasl_server_userdb_checkpass method. . * Bump Standards-Version to 4.7.4. Checksums-Sha1: 80c515e405c3a0d649a0703a31e84a3b480207d0 2033 memcached_1.6.42-1.dsc 4a8a77833f332c6996bb9c5957b0dadcc1fbbede 924556 memcached_1.6.42.orig.tar.xz 8babf0d06ae3d7e0e0e1ca963a85f52a0735188d 18036 memcached_1.6.42-1.debian.tar.xz c40155e4d1fad2986529bd6bf2be84df34b66a55 6807 memcached_1.6.42-1_amd64.buildinfo Checksums-Sha256: af228607f8d2ba16d1dfa25c7fb7ce3a50a59d5c859f099cf024ff2fd4545cf6 2033 memcached_1.6.42-1.dsc c3d6231540483f93640faafac3ac145dc35331344320a3f7c13d738971f96f62 924556 memcached_1.6.42.orig.tar.xz c413f109c6eebbee06b0df1d50aac6abb2e2397febfb81d08ab8d77c9dfd4a4e 18036 memcached_1.6.42-1.debian.tar.xz bb1ce947fe5399a08c2706def3e427c05436514f1f62758ba468bdf08bfa61a6 6807 memcached_1.6.42-1_amd64.buildinfo Files: 256e694dbe844b35dc01e1c8587c827f 2033 web optional memcached_1.6.42-1.dsc 814a2e322cffec5df3db52858a43f3ce 924556 web optional memcached_1.6.42.orig.tar.xz 170b55bbb542aabc39f8e882b1bf613b 18036 web optional memcached_1.6.42-1.debian.tar.xz 91200506ec2df45703f0857c65c5415b 6807 web optional memcached_1.6.42-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmoPaFUACgkQHpU+J9Qx Hlh1Sw/9GrUxY6NhCG9p/tJDGAn3mHhWBUHvrnCPO9+C97fdD4wnN49tHrPn1QQk n1gIGL2yBUnQSvfRptv4rNffdfVMiHZ4VEFVseoMapS2SqXRCPpLWQMMLWPIOOCi 87HwNo1li3KnA4AjZh2kc8yXggoI5NHw57VJbI952UMUMBLjwmZrSMtrWkRda10J vmhGeldUEDFVRxAjHzVhwxm6+1wjxkeZdpehC2nZvgn/tPA2ystGYnttZ4aVmEPt BNIVZdvdBX9fHCyyy2WE/Sp6AY2Z850srdrQaOC6r8hYgVRnRfWrm2HNenipmBpv +AxGW8suomWQsCbid7AYQPUNJA8/Mua5aTq36ovBXfrCTXrCV2ynMlLW0pv6I60w ONrNClvf6cAspbWu9QLPfUbxwD5rKujsX9knoEXdkhjZZ1WsfpVkl9eO1CtNhi/H iMOf2AvTte1X+Nyab4zPx5o+R6qsqZujWRiN07EkadH40w18SVIhT/6D0LZSCRao SwMIPz84cyrONzZKhAZHqtLfPRQQufT4TnyMsuTqWhqkdWrj8hu5VKYhihOLPTcJ tmwt6kz7bA+8hx9xczgdG83YgjuGlC8S9/KPPxsG8f7R4DfpmRSzvUDQko+dr13e +rQ1xWpyYaM1MJWlVasFJtqS8gk7xfd6gogEwWb2+boJgOVJHOs= =RAuL -----END PGP SIGNATURE-----
