[Icecast-dev] [oss-security] RE: Security issue in icecast

Jamie Strandboge jamie at canonical.com
Thu Dec 15 11:17:08 PST 2011

On Thu, 2011-12-15 at 20:31 +0200, Thomas.Rucker at tieto.com wrote:
> *snip*
> Sending this to a public mailing list might not have been the smartest idea.

I considered this a low impact vulnerability and therefore followed the
procedures for reporting to oss-security. Additionally, I looked for a
security contact at http://www.icecast.org/contact.php but could not
find one, so I sent to the list since it said this was a valid way to
submit bugs. If the issue were more severe, I would have followed a
different procedure. I apologize for the inconvenience.

> We're already aware of Moritz's finding and are working on a fix.
> Expect icecast release 2.3.3 soon.

Glad to hear. Thanks!

Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://lists.xiph.org/pipermail/icecast-dev/attachments/20111215/1eb466ad/attachment.pgp 

More information about the Icecast-dev mailing list