[icecast] Fwd: Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!)

Alfredo E. Cotroneo alfredo at nexus.org
Thu Apr 4 13:52:36 UTC 2002


Hi There,

re. the recently reported buffer overflow in icecast, is there any 
"official" security patch against 1.3.11 ? I am reluctant to take any 
un-official patch like this one ;-)

There is nothing on www.icecast.org/releases, maybe it's somewhere else ?

Thanks.

Alfredo

<p><p>>Mailing-List: contact bugtraq-help at securityfocus.com; run by ezmlm
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq at securityfocus.com>
>List-Help: <mailto:bugtraq-help at securityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe at securityfocus.com>
>List-Subscribe: <mailto:bugtraq-subscribe at securityfocus.com>
>Delivered-To: mailing list bugtraq at securityfocus.com
>Delivered-To: moderator for bugtraq at securityfocus.com
>From: Neeko Oni <neeko at haackey.com>
>Subject: Icecast temp patch (OR: Patches?  We DO need stinkin' patches!!@$!)
>To: bugtraq at securityfocus.com
>Date: Wed, 3 Apr 2002 12:42:03 -0800 (PST)
>
>
>This addresses the client_login() Icecast issue:
>
>For those who have a burning need to 'patch < patch', or just don't
>want to type three lines into client.c, I've attached a small
>patch to client.c (Icecast 1.3.11).
>Simplicity is thy name.
>(More specific:  It's the suggested patch in the icx.c exploit, with
>  an added logging flag.)
>
>Thanks to Diz for making this public.
>
>.Neeko Oni

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ice-patch.txt
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20020404/b0e1645b/attachment.txt>


More information about the Icecast mailing list