Bug#770222: CVE request: icecast: possible leak of on-connect scripts
cve-assign at mitre.org
cve-assign at mitre.org
Thu Nov 20 14:52:44 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> It was reported that Icecast could possibly leak the contents of
> on-connect scripts to clients, which may contain sensitive information.
> This issue has been fixed in the 2.4.1 release:
> "Fix on-connect and on-disconnect script STDIN/STDOUT/STDERR corruption
> due to shared file descriptors."
> Information contained can include passwords
> http://icecast.org/news/icecast-release-2_4_1/
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770222
> https://trac.xiph.org/ticket/2089
> https://trac.xiph.org/ticket/2087
> https://trac.xiph.org/changeset/19308
Use CVE-2014-9018.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
iQEcBAEBAgAGBQJUbf+QAAoJEKllVAevmvmsB/QH/iv2tkycZVO3mWFqsEkkNWSj
v9B9xhVZzCGKnL3WU/89w6jszoCZfoJXA/kUPwnOzIyl2OpJNvHAKyRcONTo8gu8
rBpYYl2id90Xf4DEJucKjJFeMzo6q1BIxQAtOPro5VMBYZ+EC7Ups9AO0iMxzwr+
g9lusgsVy6jOEb+aeng3SX2GCgnwAv+SZ78wipPuBnxyO6Ec8W++lHOdB+7SDY/J
6A38oMJstLVy4PUSiHfNjK71Ej7m1Hx++mk3cMPXEINJh1dV9LcJEeAoANAePMma
gRwboepBmq5FDDsV099VPfqMB4XQli3svZEjdkUCbPhjl1D4dj8s74i0uF9GGyI=
=EjxT
-----END PGP SIGNATURE-----
More information about the pkg-multimedia-maintainers
mailing list