Please find attached, a debdiff that patches the issue by trimming at occurances of "\r" or "\n". Tested on lenny. After applying the, you have :-
$ echo -ne "GET /non-existent"'"'"%20No%20such%20file%20or%20directory%0d%0a[1970-01-01%20%2000:00:00]%20PHUN%20I'm%20feeling%20phunny%0d%0a["`date "+%Y-%m-%d%%20%%20%H:%M:%S"`"]%20WARN%20fserve/fserve_client_create%20req%20for%20file%20"'"'"/usr/share/icecast2/web/ HTTP/1.0\n\n" | nc -vv 127.0.0.1 8000 > /dev/null Connection to 127.0.0.1 8000 port [tcp/*] succeeded! $ cat /var/log/icecast2/error.log [2012-02-20 19:32:34] INFO main/main Icecast 2.3.2 server started[2012-02-20 19:32:34] INFO connection/get_ssl_certificate No SSL capability [2012-02-20 19:32:34] INFO stats/_stats_thread stats thread started [2012-02-20 19:32:34] INFO yp/yp_update_thread YP update thread started [2012-02-20 19:32:34] INFO fserve/fserv_thread_function file serving thread started [2012-02-20 19:33:23] INFO fserve/fserve_client_create checking for file /non-existent" No such file or directory (/usr/share/icecast2/web/non-existent" No such file or directory) [2012-02-20 19:33:23] WARN fserve/fserve_client_create req for file "/usr/share/icecast2/web/non-existent" No such file or directory" No such file or directory ** Patch added: "icecast2_2.3.2-5ubuntu2.debdiff" https://bugs.launchpad.net/ubuntu/+source/icecast2/+bug/894782/+attachment/2762593/+files/icecast2_2.3.2-5ubuntu2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/894782 Title: Newline injection in error.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/icecast2/+bug/894782/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
