pkgsrc-Changes archive
CVS commit: pkgsrc/audio/icecast
Module Name: pkgsrc
Committed By: adam
Date: Tue Feb 9 07:02:54 UTC 2016
Modified Files:
pkgsrc/audio/icecast: Makefile distinfo
pkgsrc/audio/icecast/patches: patch-ab
Log Message:
Changes 2.4.3:
Fixes CVE-2005-0837.
The vulnerability, identified as CVE-2005-0837, allows an attacker to access the raw XSLT template file by appending a dot “.” to the URL. Due to the way Windows handles file names ending with a
dot, it only affects Icecast versions < 2.4.3 running on Windows. Icecast on other operating systems, like Linux, wasn’t affected at any time by this issue. If you haven’t modified the default XSLT
files of a Windows installation, then no information disclosure of real value could have happened. We expect that most, of the comparatively few, Windows installations have unmodified template files
and thus, while technically vulnerable, only expose those unmodified templates. To be clear, no runtime information can be accessed this way.
To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 pkgsrc/audio/icecast/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/audio/icecast/distinfo
cvs rdiff -u -r1.10 -r1.11 pkgsrc/audio/icecast/patches/patch-ab
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
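
The trailing-dot behaviour described in the log message, as an added C example that is not part of this commit or of Icecast's source. It assumes a server that selects the XSLT handler by a `.xsl` suffix check on the request path and otherwise serves the file as-is; the function names and sample paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative model, not Icecast code; all names are hypothetical.
 * Length of the name Windows actually opens: trailing dots are ignored. */
static size_t effective_len(const char *path)
{
    size_t n = strlen(path);
    while (n > 0 && path[n - 1] == '.')
        n--;
    return n;
}

/* Do the first n bytes of path end in ".xsl"? */
static int has_xsl_suffix(const char *path, size_t n)
{
    return n >= 4 && memcmp(path + n - 4, ".xsl", 4) == 0;
}

/* Weak check: classifies the string exactly as the client sent it. */
int is_template_naive(const char *path)
{
    return has_xsl_suffix(path, strlen(path));
}

/* Corrected check: classifies the name the file system will resolve. */
int is_template_normalized(const char *path)
{
    return has_xsl_suffix(path, effective_len(path));
}

/* 1 when a request bypasses the XSLT handler yet resolves to a template,
 * i.e. the raw template source would be sent as a static file. */
int raw_template_exposed(const char *path)
{
    return !is_template_naive(path) && is_template_normalized(path);
}

int main(void)
{
    /* Constructed sample request paths. */
    const char *samples[] = { "/status.xsl", "/status.xsl.", "/style.css" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s naive=%d normalized=%d exposed=%d\n", samples[i],
               is_template_naive(samples[i]),
               is_template_normalized(samples[i]),
               raw_template_exposed(samples[i]));
    return 0;
}
```

On a file system that keeps trailing dots as part of the name, the dotted path names a different, normally nonexistent file, which matches the log message's statement that only Windows installations were affected.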