package/memcached: security bump to version 1.6.22

Fix CVE-2023-46852: In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. Fix CVE-2023-46853: In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. https://github.com/memcached/memcached/wiki/ReleaseNotes1622 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit bc96e9d) Signed-off-by: Peter Korsgaard <[email protected]>
Relms12345 · Nov 30, 2023 · c06c127 · c06c127
1 parent f86173d
commit c06c127
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/package/memcached/memcached.hash b/package/memcached/memcached.hash
@@ -1,6 +1,6 @@
-# From http://www.memcached.org/files/memcached-1.6.21.tar.gz.sha1
-sha1  6d899680b4ba4b76b6c92120143cf87630ee984a  memcached-1.6.21.tar.gz
+# From http://www.memcached.org/files/memcached-1.6.22.tar.gz.sha1
+sha1  7a691f390d59616dbebfc9e2e4942d499c39a338  memcached-1.6.22.tar.gz
 
 # Locally computed
-sha256  c788980efc417dd5d93c442b1c8b8769fb2018896c29de3887d22a2f143da2ee  memcached-1.6.21.tar.gz
+sha256  34783a90a4ccf74c4107085fd92b688749d23b276cfdad9f04e4f725a05d1ca7  memcached-1.6.22.tar.gz
 sha256  bc887c4ad8051fe690ace9528fe37a2e0bb362e6d963331d82e845ca9b585a0c  COPYING
diff --git a/package/memcached/memcached.mk b/package/memcached/memcached.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MEMCACHED_VERSION = 1.6.21
+MEMCACHED_VERSION = 1.6.22
 MEMCACHED_SITE = http://www.memcached.org/files
 MEMCACHED_DEPENDENCIES = libevent
 MEMCACHED_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'