[Icecast-dev] Icecast 2 affected by cross-site scripting vulnerability in status-display?

Matthias Geerdsen vorlon at vorlons.info
Thu Sep 2 01:33:22 PDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

since Icecast <=1.3.12 has been affected by a cross-site scripting
vulnerability in the status display (s.
<http://securitytracker.com/alerts/2004/Aug/1011046.html> and
<http://www.debian.org/security/2004/dsa-541>) it appears to be unclear
so far if Icecast 2.x is vulnerable too. Can anyone of you maybe confirm
it is affected/not affected?

Regards,
	Matthias

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBNtrS0MwiQdjL1BgRAl0MAJ4mI20UAVboD2CmFZiM2z6g6itWbgCdHGmC
mZyhWxpTZTAw6brLzWV7Oh8=
=QEw0
-----END PGP SIGNATURE-----


More information about the Icecast-dev mailing list