Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#42912 - [icecast] information leak (CVE-2014-9018)
Attached to Project:
Community Packages
Opened by Remi Gacogne (rgacogne) - Wednesday, 26 November 2014, 17:30 GMT
Last edited by Lukas Fleischer (lfleischer) - Friday, 28 November 2014, 08:21 GMT
Opened by Remi Gacogne (rgacogne) - Wednesday, 26 November 2014, 17:30 GMT
Last edited by Lukas Fleischer (lfleischer) - Friday, 28 November 2014, 08:21 GMT
|
DetailsAn information leak has been found in icecast < 2.4.1 [1]. I believe we should upgrade the package to version 2.4.1 whenever possible, as it also contains SSL-related hardening fixes [2].
[1]: http://seclists.org/oss-sec/2014/q4/716 [2]: http://icecast.org/news/icecast-release-2_4_1/ |
This task depends upon
Closed by Lukas Fleischer (lfleischer)
Friday, 28 November 2014, 08:21 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 2.4.1.
Friday, 28 November 2014, 08:21 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 2.4.1.