Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1323976628.3281.82.camel@localhost>
Date: Thu, 15 Dec 2011 13:17:08 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: icecast-dev@...h.org
Cc: security@...itz-naumann.com, security@...ntu.com, oss-security
	 <oss-security@...ts.openwall.com>
Subject: Re: RE: [Icecast-dev] Security issue in icecast

On Thu, 2011-12-15 at 20:31 +0200, Thomas.Rucker@...to.com wrote:
> *snip*
> Sending this to a public mailing list might not have been the smartest idea.

I considered this a low impact vulnerability and therefore followed the
procedures for reporting to oss-security. Additionally, I looked for a
security contact at http://www.icecast.org/contact.php but could not
find one, so I sent to the list since it said this was a valid way to
submit bugs. If the issue were more severe, I would have followed a
different procedure. I apologize for the inconvenience.

> We're already aware of Moritz's finding and are working on a fix.
> 
> Expect icecast release 2.3.3 soon.

Glad to hear. Thanks!

-- 
Jamie Strandboge             | http://www.canonical.com

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.