Your message dated Fri, 02 Nov 2018 11:09:38 +0000
with message-id <e1gixkc-000hfm...@fasolo.debian.org>
and subject line Bug#912611: fixed in icecast2 2.4.4-1
has caused the Debian Bug report #912611,
regarding icecast2: CVE-2018-18820
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
912611: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912611
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: icecast2
Version: 2.4.3-3
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://gitlab.xiph.org/xiph/icecast-server/issues/2342
Control: found -1 2.4.2-1

Hi,

The following vulnerability was published for icecast2.

CVE-2018-18820[0]:
buffer overflow in url-auth

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-18820
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18820

Please adjust the affected versions in the BTS as needed.



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Source: icecast2
Source-Version: 2.4.4-1

We believe that the bug you reported is fixed in the latest version of
icecast2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Unit 193 <unit...@ubuntu.com> (supplier of updated icecast2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 01 Nov 2018 18:07:33 -0400
Source: icecast2
Binary: icecast2
Architecture: source
Version: 2.4.4-1
Distribution: unstable
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multime...@lists.debian.org>
Changed-By: Unit 193 <unit...@ubuntu.com>
Description:
 icecast2   - streaming media server
Closes: 912611
Changes:
 icecast2 (2.4.4-1) unstable; urgency=high
 .
   * New upstream version 2.4.4
     - Fix buffer overflows in URL auth code. #2342
     - Closes: #912611, CVE-2018-18820
   * d/watch: Drop the svn-upgrade call, this hasn't been in svn for a long 
time.
   * d/gbp.conf: Rename section git-import-orig → import-orig.
Checksums-Sha1:
 44ca56482de27f375892809c8196a2d0a48a8b31 2296 icecast2_2.4.4-1.dsc
 dc1974235e72dfa5006ab4b8bae0380a2f951a36 2360592 icecast2_2.4.4.orig.tar.gz
 2542711dfadcc459a6ad13c9b8e31bc24725faa6 33312 icecast2_2.4.4-1.debian.tar.xz
Checksums-Sha256:
 60101af949917cc0dfff203cf60845d2914fe3d4d77aa20769141d6372c81630 2296 
icecast2_2.4.4-1.dsc
 49b5979f9f614140b6a38046154203ee28218d8fc549888596a683ad604e4d44 2360592 
icecast2_2.4.4.orig.tar.gz
 f7a07136feddc62f30d6d0ec86c8933a974c6f68c5688f5eb2258770f95e1e09 33312 
icecast2_2.4.4-1.debian.tar.xz
Files:
 b1af89aa2e8111aa8c700ba6d173f388 2296 sound optional icecast2_2.4.4-1.dsc
 835c7b571643f6436726a6118defb366 2360592 sound optional 
icecast2_2.4.4.orig.tar.gz
 60f5093f3dfc63d91d802c2c40374b38 33312 sound optional 
icecast2_2.4.4-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAlvcKQgACgkQafL8UW6n
GZOEXw/+NiBeOypPV1yf89ktg0KO4yG0cN8lZgX8Oa/V/xTOboYxY0i26kEFPdMt
73qmgfIAJ9YUl5imkfHjlVjUqGeKxJez7Y4wYWgrPlMnMuGDA6IW5GCPRw+oEx/X
y6QHR9EpyfOvFHFi2q1whshELXEmXzR5Q+wNw0go93V+WkMbcBAQEjSYqrwGstbE
MQFyypYOTvBI2d2Xlw+3fzjzZwko3FFjaRuYjRtYxJMWM+3r2nKk9+LurT0/ypb4
Y7xYkl5XR3CkVM3y8GlwyyHX6Mp+fJYJV2ZaMSXaEM511Gl8H6i+n3hnfbKjGYg+
A29ij71Q3rqiITUBsdLZbnDocMYvrFMcepPE/QoEXqkpP2fMq2dkLOhSwPI4gOL+
gtpnAE3REc1K0C8yPC1vgzk3zGNI9IJ+borhi3NAyu6v5qxm5Rm5hFwCRdUytztH
Fp/5r6fngXUK7sf1UEWjYoh5yiu/yP9RlTrSTu58y340QgsWi2dxO47/ZiH2NXuP
H3i63mJ3nJb3jVscr74Qf/1d1NlXyJtlzQhbqE1K432YFCQfDZSgP3sdzitb5974
NfXJDg2SX4mwKxFwO6kSWFg5ja8RREaUT1jucA1l3M5J50fR1D5Ftg7QgzxEuVFm
jF20heAbSoF7Ywi9kgV7VyQg+GjLFPZb78xuV6HkrKntsIepWsI=
=c7mC
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to