Bug#770222: CVE request: icecast: possible leak of on-connect scripts
Murray McAllister
mmcallis at redhat.com
Wed Nov 19 23:31:54 UTC 2014
Good morning,
It was reported that Icecast could possibly leak the contents of
on-connect scripts to clients, which may contain sensitive information.
This issue has been fixed in the 2.4.1 release:
http://icecast.org/news/icecast-release-2_4_1/
"Fix on-connect and on-disconnect script STDIN/STDOUT/STDERR corruption
due to shared file descriptors."
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770222
https://trac.xiph.org/ticket/2089
Cheers,
--
Murray McAllister / Red Hat Product Security
https://bugzilla.redhat.com/show_bug.cgi?id=1165880
More information about the pkg-multimedia-maintainers
mailing list