Package: icecast2 Followup-For: Bug #301368 I butted into #icecast on freenode and got this:
Mar 31 18:34:37 <pabs3> does anyone know if there is a fix for this security issue available? http://securitytracker.com/alerts/2005/Mar/1013475.html Mar 31 18:35:53 <dm8tbr> it was discussed here some time ago Mar 31 18:41:38 <pabs3> ...and is there a fix available? Mar 31 18:42:59 <trippeh> its not much of a issue, you can gain rights to, err, yourself. and the xsl-problems seems to be in libxslt, not icecast (not that its much of a critical issue that either) Mar 31 18:46:08 <trippeh> its not common to have write access to icecasts xsl/webroot files, and if you do, you have in 99.9999% of the cases access to the icecast user anyway. Mar 31 18:51:10 <pabs3> hm, would anyone care to add something to this bug report and perhaps recommend downgrading it to something not release-critical? http://bugs.debian.org/301368 Mar 31 18:51:46 <pabs3> or perhaps recommend reassigning to libxslt? Hope that helps a little. -- bye, pabs
signature.asc
Description: This is a digitally signed message part
