On 06/09/12 19:05, Moritz Muehlenhoff wrote:
On Tue, Jun 26, 2012 at 06:36:56PM +0300, Rücker Thomas wrote:
Hi Jonas,
On 13/06/12 02:02, Jonas Smedegaard wrote:
Hi Thomas,
On 12-06-13 at 12:50am, Rücker Thomas wrote:
Hello, your friendly upstream here.
We just released Icecast 2.3.3 which addresses this issue.
Also for the record. It's fairly easy to spot those injection
attempts by looking at the Icecast access log.
Great. I am looking into updating the packaging now.
Just wondering how the updated package is going.
Mainly as I hear there is a freeze coming to debian.
Would be too bad to miss the window.
CVE-2011-4612 is still unfixed in Wheezy, only in unstable. Please either
ask the release managers to unblock 2.3.3 (unlikely at this time
in the freeze) or upload an isolated fix to testing-proposed-updates.
JFTR: We hurried out 2.3.3 still before the freeze so that it could
possibly make it into wheezy. Carrying a 4+ year old release that misses
numerous security and stability fixes is kind of impractical.
So far there have been no regressions or new bugs found in 2.3.3 and it
is a clean drop-in replacement for 2.3.2.
Cheers
Thomas
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
