From bc96e9da0d8010482dcc50c055567d4625498088 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Tue, 28 Nov 2023 21:14:33 +0100 Subject: [PATCH] package/memcached: security bump to version 1.6.22 Fix CVE-2023-46852: In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. Fix CVE-2023-46853: In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. https://github.com/memcached/memcached/wiki/ReleaseNotes1622 Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/memcached/memcached.hash | 6 +++--- package/memcached/memcached.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/memcached/memcached.hash b/package/memcached/memcached.hash index c223a14bac..bd2072df0b 100644 --- a/package/memcached/memcached.hash +++ b/package/memcached/memcached.hash @@ -1,6 +1,6 @@ -# From http://www.memcached.org/files/memcached-1.6.21.tar.gz.sha1 -sha1 6d899680b4ba4b76b6c92120143cf87630ee984a memcached-1.6.21.tar.gz +# From http://www.memcached.org/files/memcached-1.6.22.tar.gz.sha1 +sha1 7a691f390d59616dbebfc9e2e4942d499c39a338 memcached-1.6.22.tar.gz # Locally computed -sha256 c788980efc417dd5d93c442b1c8b8769fb2018896c29de3887d22a2f143da2ee memcached-1.6.21.tar.gz +sha256 34783a90a4ccf74c4107085fd92b688749d23b276cfdad9f04e4f725a05d1ca7 memcached-1.6.22.tar.gz sha256 bc887c4ad8051fe690ace9528fe37a2e0bb362e6d963331d82e845ca9b585a0c COPYING diff --git a/package/memcached/memcached.mk b/package/memcached/memcached.mk index a1a5eac049..05ae69eb32 100644 --- a/package/memcached/memcached.mk +++ b/package/memcached/memcached.mk 
@@ -4,7 +4,7 @@ # ################################################################################ -MEMCACHED_VERSION = 1.6.21 +MEMCACHED_VERSION = 1.6.22 MEMCACHED_SITE = http://www.memcached.org/files MEMCACHED_DEPENDENCIES = libevent MEMCACHED_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'
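Review bot: in the memcached.hash hunk, the updated sha1 comment still references a plain http:// URL (`# From http://www.memcached.org/files/memcached-1.6.22.tar.gz.sha1`) and the new sha256 is only marked `# Locally computed`, so neither hash is tied to a source that was authenticated in transit. If upstream serves the same .sha1 file over https, point the comment at that URL. It would also help to say in the commit message that the sha256 was computed on a tarball whose sha1 matched the upstream file, since sha1 alone is a weak anchor for a security bump.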
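Review bot: in the memcached.mk hunk, the unchanged context line `MEMCACHED_SITE = http://www.memcached.org/files` keeps the tarball download on plain HTTP, so the integrity of the fetched 1.6.22 source rests entirely on the entries in memcached.hash. Consider switching the site to https in this change, or in a follow-up patch, if upstream serves the same path over TLS. The version change itself is consistent with the hash hunk: both refer to memcached-1.6.22.tar.gz.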