
Bug#912611: marked as done (icecast2: CVE-2018-18820)



Your message dated Sat, 10 Nov 2018 11:17:07 +0000
with message-id <E1gLRGF-000CJ9-WA@fasolo.debian.org>
and subject line Bug#912611: fixed in icecast2 2.4.2-1+deb9u1
has caused the Debian Bug report #912611,
regarding icecast2: CVE-2018-18820
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
912611: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912611
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: icecast2
Version: 2.4.3-3
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://gitlab.xiph.org/xiph/icecast-server/issues/2342
Control: found -1 2.4.2-1

Hi,

The following vulnerability was published for icecast2.

CVE-2018-18820[0]:
buffer overflow in url-auth

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-18820
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18820

Please adjust the affected versions in the BTS as needed.



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Source: icecast2
Source-Version: 2.4.2-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
icecast2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912611@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Unit 193 <unit193@ubuntu.com> (supplier of updated icecast2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 31 Oct 2018 01:26:56 -0400
Source: icecast2
Binary: icecast2
Architecture: source amd64
Version: 2.4.2-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Unit 193 <unit193@ubuntu.com>
Description:
 icecast2   - streaming media server
Closes: 912611
Changes:
 icecast2 (2.4.2-1+deb9u1) stretch-security; urgency=high
 .
   * d/p/CVE-2018-18820.patch:
     - Cherry-pick upstream commits fixing buffer overflow in URL authentication
     - Closes: #912611, CVE-2018-18820


--- End Message ---
