-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 28 Apr 2015 16:25:58 -0400 Source: icecast2 Binary: icecast2 Architecture: source amd64 Version: 2.4.0-1.1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: Unit 193 <unit193@ubuntu.com> Description: icecast2 - streaming media server Closes: 782120 Changes: icecast2 (2.4.0-1.1+deb8u1) jessie-security; urgency=high . * This fixes a crash (NULL reference) in case URL Auth is used and stream_auth is trigged with no credentials passed by the client. Username and password is now set to empty strings and transmited to the backend server this way. (Closes: #782120, fixes CVE-2015-3026) Checksums-Sha1: 6e9527155c0048dd8c1802e7f5cd7f639af3f7ae 2345 icecast2_2.4.0-1.1+deb8u1.dsc 45bd403c2b1d6f1250216cd3a0447d41f979c348 1087795 icecast2_2.4.0.orig.tar.gz 321ebb03bbd744f70bbf056a0d3c6c3e6a430769 29592 icecast2_2.4.0-1.1+deb8u1.debian.tar.xz c111c2604f993416384fc7d58eaa8460464c2a8e 277478 icecast2_2.4.0-1.1+deb8u1_amd64.deb Checksums-Sha256: f8ffc26abe6e51f96a8013e1877be88a03169389fc79e7a7fa58bf92871afd11 2345 icecast2_2.4.0-1.1+deb8u1.dsc 17b7e957e1b16a576efaabd69c15126e84ce98d3791ccee4546b72c0c6460f32 1087795 icecast2_2.4.0.orig.tar.gz 895acd7bd62ab3fa83bcd254335f83d89c76ef30b06df71cc4316c459ae767ca 29592 icecast2_2.4.0-1.1+deb8u1.debian.tar.xz 9162b6c388649240e6b062d9d492712526aa5e99830fd77141beedf1e2e7843a 277478 icecast2_2.4.0-1.1+deb8u1_amd64.deb Files: 53563ee8b987f06581f9b9fffc89d337 2345 sound optional icecast2_2.4.0-1.1+deb8u1.dsc bb00bfc0d6d2dde24974641085602b81 1087795 sound optional icecast2_2.4.0.orig.tar.gz 726dc90c578d792542bb9423795a20ef 29592 sound optional icecast2_2.4.0-1.1+deb8u1.debian.tar.xz fc3f92a0d4d89f141531d1f169592c3e 277478 sound optional icecast2_2.4.0-1.1+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVQK1GAAoJEK+lG9bN5XPLDakP+gNvOq9pkgR8Tp84oxEL9ITs GC7ozXVOZjLlweiBHB5ttoYkV49gz/eDxqAZkFpwapg3NG8o/Sb3UDBb1iSZ1Ab8 mT74eBBNpoZKWQ21daw8EeMtq5g7FPmTol/6dhkWn4n3QdcGzJPzzKw+YLokV5cF FzCvKaMWIQikuYWyCaVxQyn/eCkMDxXyZIVbHCvH9mT8QNRXm7oSQ4oS8668SbaH 0BHv/cohHJaeE1C6gEDenhgxh1sUDC67uhr0NVWlDi2XQszD5JnfK9xy+xYVmymn 9MtZBgHMd0zmzaVpNZ41/THiB+/hh1DK2SGTfzsG7OAdr22wEo0Cni1B7gTaCnye /bcziqMtWCnh8Iac3JDawi9rlhbzOCyTonH9EZ7vBe0HMBjnu/ohAqmojTAqgi9X 5vP+FNogSReVjOipFxjS/INvlEljPCwzt/NWG7Hr9wGX8DkcZ8eaE+aYNdPjUz1P bKHKodVSmziCw5CSZ4xiLtKycuNildSJAM8rzdrUDoDRBVZW+avGHnZEHcV/zZ4/ zAv3InUPImcXluNgDHwZ+NLkf5nSJsL10R4GijYAu+QHk3W/swKwstj/Y3YagIgc EqVgDW8dknRD2hxBuDpLvpNOMathEu6Acnopc/Y4p+6zvjr9lln1+rSKtiLbmIf6 nw1l+VxExCJXc6Yw29FE =6hpW -----END PGP SIGNATURE-----
