Bug#652663: CVE-2011-4612

Rücker Thomas thomas.ruecker at tieto.com
Sun Sep 16 07:11:49 UTC 2012


On 06/09/12 19:05, Moritz Muehlenhoff wrote:
> On Tue, Jun 26, 2012 at 06:36:56PM +0300, Rücker Thomas wrote:
>> Hi Jonas,
>>
>> On 13/06/12 02:02, Jonas Smedegaard wrote:
>>> Hi Thomas,
>>>
>>> On 12-06-13 at 12:50am, Rücker Thomas wrote:
>>>> Hello, your friendly upstream here.
>>>>
>>>> We just released Icecast 2.3.3 which addresses this issue.
>>>>
>>>> Also, for the record: it's fairly easy to spot those injection
>>>> attempts by looking at the Icecast access log.
>>> Great. I am looking into updating the packaging now.
>> Just wondering how the updated package is going.
>> Mainly as I hear there is a freeze coming to Debian.
>> Would be too bad to miss the window.
> CVE-2011-4612 is still unfixed in Wheezy, only in unstable. Please either
> ask the release managers to unblock 2.3.3 (unlikely at this time
> in the freeze) or upload an isolated fix to testing-proposed-updates.

JFTR: We hurried out 2.3.3 still before the freeze so that it could 
possibly make it into wheezy. Carrying a 4+ year old release that misses 
numerous security and stability fixes is kind of impractical.
So far there have been no regressions or new bugs found in 2.3.3 and it 
is a clean drop-in replacement for 2.3.2.

Cheers

Thomas


