Debian Package Tracker

From: Salvatore Bonaccorso <carnil@debian.org>
To: <dak@security.debian.org>
Subject: Accepted memcached 1.4.21-1.1+deb8u2 (source) into oldstable->embargoed, oldstable
Date: Wed, 06 Jun 2018 18:46:05 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 03 Jun 2018 15:21:23 +0200
Source: memcached
Binary: memcached
Architecture: source
Version: 1.4.21-1.1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: David Martínez Moreno <ender@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 868701 894404
Description: 
 memcached  - high-performance memory object caching system
Changes:
 memcached (1.4.21-1.1+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Heap-based buffer over-read in try_read_command function (CVE-2017-9951)
     (Closes: #868701)
   * disable UDP port by default (CVE-2018-1000115)
   * debian/NEWS: Add explanation and document how to re-enable UDP if
     necessary
   * Don't overflow item refcount on get (CVE-2018-1000127) (Closes: #894404)
Checksums-Sha1: 
 6901d63d584bde6a11f7d422bab6712d2696bf89 2194 memcached_1.4.21-1.1+deb8u2.dsc
 2016df8d8b356050e61fb31b7a672b22977a5aaa 17396 memcached_1.4.21-1.1+deb8u2.debian.tar.xz
Checksums-Sha256: 
 1708eeb259b35d9240bed705243958cf0794f056e8077c700fb0040b8b17cfa0 2194 memcached_1.4.21-1.1+deb8u2.dsc
 04cbe5dc6f9bafc493a0a73ca32fabe4e3428c85d9ea9b3e2ae1206005c0096c 17396 memcached_1.4.21-1.1+deb8u2.debian.tar.xz
Files: 
 6c6e7171237601151b0f900dd19a0cf7 2194 web optional memcached_1.4.21-1.1+deb8u2.dsc
 fbb18fe88d8e9fc41a996845593326af 17396 web optional memcached_1.4.21-1.1+deb8u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsT7qxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EShUQAIoamPmJD8hR1YtuR2do7V/+7mFi2JfP
DUPiX7xL3h//NScynuybporLRZU6/aDH2njxYt3AiJ+Y3SUwiKiF/bbyFaHF9S/+
5IERDKqYEQgNaYeNW5GS8dU/XWmUBBUUf/3Wm091AwDyIOxSAYAZ4oTlem1xNtkE
GNDNqOQbKdAEjieCChEpkUDTh2Nbm4bLQFZ/7PIicBuAq7lqqI4IXyyuMckdm6HC
7J+Qaa02roYMy8SnwkRuC3GZnOlR+XrsSExU5jL8dILda+sn+aY1JlCNID+VwPb/
C5G22U+4HevdudCg9xST81yrv0JfLuD600J0EEX9aPYoxSF5La4YNVZAQ0koJbLl
Skn/jz7X3IeY0p/unTktXVlzU0agSKQIYqVRu7urbV7PD8TkwsuclR4yLydj4TxE
phN+UytX78BEjB/AeST71r3wSaKrjUDIb+PBDvFRa/EpKjpHCbAagevd2CigdXyr
zd1c3J2cTpYvChWoBqdkSMbQqHXfroWML7xUcqQR73OGyVZx97C/Vyw9Ipf1o1gj
x70KcuEyvzlNjuodONYbtsVtgTS+LSEIAvxuByxknpj+Z1I38RgUPn5vXrmvG879
P6mvWSh6VYVZUFT6amPVfmBe2bJfxUaDuYq7wkY9KwMyvKIX1Sw6Jl+vauoHWxSP
ZCftmTrnTVBk
=rCFr
-----END PGP SIGNATURE-----
News for package memcached
