Bug#912611: marked as done (icecast2: CVE-2018-18820)
Your message dated Sat, 10 Nov 2018 11:17:07 +
with message-id and subject line Bug#912611: fixed in icecast2 2.4.2-1+deb9u1
has caused the Debian Bug report #912611,
regarding icecast2: CVE-2018-18820
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
912611: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912611
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: icecast2
Version: 2.4.3-3
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://gitlab.xiph.org/xiph/icecast-server/issues/2342
Control: found -1 2.4.2-1

Hi,

The following vulnerability was published for icecast2.

CVE-2018-18820[0]:
buffer overflow in url-auth

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-18820
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18820

Please adjust the affected versions in the BTS as needed.
-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: icecast2
Source-Version: 2.4.2-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
icecast2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Unit 193 (supplier of updated icecast2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 31 Oct 2018 01:26:56 -0400
Source: icecast2
Binary: icecast2
Architecture: source amd64
Version: 2.4.2-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Multimedia Maintainers
Changed-By: Unit 193
Description:
 icecast2 - streaming media server
Closes: 912611
Changes:
 icecast2 (2.4.2-1+deb9u1) stretch-security; urgency=high
 .
   * d/p/CVE-2018-18820.patch:
     - Cherry-pick upstream commits fixing buffer overflow in URL
       authentication
     - Closes: #912611, CVE-2018-18820
Bug#912611: marked as done (icecast2: CVE-2018-18820)
Your message dated Fri, 02 Nov 2018 11:09:38 +
with message-id and subject line Bug#912611: fixed in icecast2 2.4.4-1
has caused the Debian Bug report #912611,
regarding icecast2: CVE-2018-18820
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
912611: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912611
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: icecast2
Version: 2.4.3-3
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://gitlab.xiph.org/xiph/icecast-server/issues/2342
Control: found -1 2.4.2-1

Hi,

The following vulnerability was published for icecast2.

CVE-2018-18820[0]:
buffer overflow in url-auth

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-18820
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18820

Please adjust the affected versions in the BTS as needed.
-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: icecast2
Source-Version: 2.4.4-1

We believe that the bug you reported is fixed in the latest version of
icecast2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 912...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Unit 193 (supplier of updated icecast2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 01 Nov 2018 18:07:33 -0400
Source: icecast2
Binary: icecast2
Architecture: source
Version: 2.4.4-1
Distribution: unstable
Urgency: high
Maintainer: Debian Multimedia Maintainers
Changed-By: Unit 193
Description:
 icecast2 - streaming media server
Closes: 912611
Changes:
 icecast2 (2.4.4-1) unstable; urgency=high
 .
   * New upstream version 2.4.4
     - Fix buffer overflows in URL auth code. #2342
     - Closes: #912611, CVE-2018-18820
   * d/watch: Drop the svn-upgrade call, this hasn't been in svn for a long time.
   * d/gbp.conf: Rename section git-import-orig → import-orig.
--- End Message ---