[Buildroot] [PATCH 1/1] package/memcached: security bump to version 1.6.22
Fabrice Fontaine
fontaine.fabrice at gmail.com
Tue Nov 28 20:14:33 UTC 2023
Fix CVE-2023-46852: In Memcached before 1.6.22, a buffer overflow exists
when processing multiget requests in proxy mode, if there are many
spaces after the "get" substring.
Fix CVE-2023-46853: In Memcached before 1.6.22, an off-by-one error
exists when processing proxy requests in proxy mode, if \n is used
instead of \r\n.
https://github.com/memcached/memcached/wiki/ReleaseNotes1622
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
package/memcached/memcached.hash | 6 +++---
package/memcached/memcached.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/memcached/memcached.hash b/package/memcached/memcached.hash
index c223a14bac..bd2072df0b 100644
--- a/package/memcached/memcached.hash
+++ b/package/memcached/memcached.hash
@@ -1,6 +1,6 @@
-# From http://www.memcached.org/files/memcached-1.6.21.tar.gz.sha1
-sha1 6d899680b4ba4b76b6c92120143cf87630ee984a memcached-1.6.21.tar.gz
+# From http://www.memcached.org/files/memcached-1.6.22.tar.gz.sha1
+sha1 7a691f390d59616dbebfc9e2e4942d499c39a338 memcached-1.6.22.tar.gz
# Locally computed
-sha256 c788980efc417dd5d93c442b1c8b8769fb2018896c29de3887d22a2f143da2ee memcached-1.6.21.tar.gz
+sha256 34783a90a4ccf74c4107085fd92b688749d23b276cfdad9f04e4f725a05d1ca7 memcached-1.6.22.tar.gz
sha256 bc887c4ad8051fe690ace9528fe37a2e0bb362e6d963331d82e845ca9b585a0c COPYING
diff --git a/package/memcached/memcached.mk b/package/memcached/memcached.mk
index a1a5eac049..05ae69eb32 100644
--- a/package/memcached/memcached.mk
+++ b/package/memcached/memcached.mk
@@ -4,7 +4,7 @@
#
################################################################################
-MEMCACHED_VERSION = 1.6.21
+MEMCACHED_VERSION = 1.6.22
MEMCACHED_SITE = http://www.memcached.org/files
MEMCACHED_DEPENDENCIES = libevent
MEMCACHED_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'
--
2.42.0
More information about the buildroot
mailing list