Package "memcached"

  memcached (1.4.25-2ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow in items.c:item_free()
    - debian/patches/CVE-2018-1000127.patch: Don't overflow item refcount
      on get in memcached.c.
    - CVE-2018-1000127

 -- Marc Deslauriers <email address hidden> Mon, 19 Mar 2018 10:15:02 -0400

  memcached (1.4.25-2ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service due to integer overflow
    - debian/patches/CVE-2017-9951.patch: check for integer overflow on
      key requests
    - CVE-2017-9951
  * SECURITY UPDATE: disable listening on UDP port by default due to
    use in DDoS amplification attacks
    - debian/patches/disable-udp-by-default.patch: disable UDP port by
      default. (LP: #1752831)
    - debian/NEWS: add explanation and document how to re-enable UDP if
      necessary.
    - CVE-2018-1000115

 -- Steve Beattie <email address hidden> Mon, 05 Mar 2018 01:08:38 -0800

  memcached (1.4.25-2ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple integer overflow vulnerabilities
    - debian/patches/CVE-2016-870x.patch: check nbytes and nkey in items.c,
      properly handle lengths in memcached.c.
    - CVE-2016-8704
    - CVE-2016-8705
    - CVE-2016-8706
  * debian/patches/always_enable_alignment.patch: fix FTBFS on armhf.

 -- Marc Deslauriers <email address hidden> Wed, 02 Nov 2016 08:08:44 -0400