Candidate: CVE-2009-1494
PublicDate: 2009-04-30 20:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1494
 http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
Description:
 The process_stat function in Memcached 1.2.8 discloses memory-allocation
 statistics in response to a stats malloc command, which allows remote
 attackers to obtain potentially sensitive information by sending this
 command to the daemon's TCP port.
Ubuntu-Description:
Notes:
 jdstrand> should not be a real issue before 1.2.8
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526554
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_memcached:
 upstream: http://code.google.com/p/memcachedb/source/detail?r=98
upstream_memcached: released (1.2.8-1)
dapper_memcached: ignored
hardy_memcached: ignored
intrepid_memcached: ignored
jaunty_memcached: ignored
devel_memcached: not-affected (1.2.8-1)