Package "memcached"

  memcached (1.4.14-0ubuntu9.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow in items.c:item_free()
    - debian/patches/CVE-2018-1000127.patch: Don't overflow item refcount
      on get in memcached.c.
    - CVE-2018-1000127

 -- Marc Deslauriers <email address hidden> Mon, 19 Mar 2018 10:15:57 -0400

  memcached (1.4.14-0ubuntu9.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service due to integer overflow
    - debian/patches/CVE-2017-9951.patch: check for integer overflow on
      key requests
    - CVE-2017-9951
  * SECURITY UPDATE: disable listening on UDP port by default due to
    use in DDoS amplification attacks
    - debian/patches/disable-udp-by-default.patch: disable UDP port by
      default. (LP: #1752831)
    - debian/NEWS: add explanation and document how to re-enable UDP if
      necessary.
    - CVE-2018-1000115

 -- Steve Beattie <email address hidden> Mon, 05 Mar 2018 02:10:59 -0800

  memcached (1.4.14-0ubuntu9.1) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple integer overflow vulnerabilities
    - debian/patches/CVE-2016-870x.patch: check nbytes and nkey in items.c,
      properly handle lengths in memcached.c.
    - CVE-2016-8704
    - CVE-2016-8705
    - CVE-2016-8706

 -- Marc Deslauriers <email address hidden> Wed, 02 Nov 2016 08:17:58 -0400