lp://qastaging/ubuntu/utopic-security/icecast2
- Get this branch: bzr branch lp://qastaging/ubuntu/utopic-security/icecast2
Recent revisions
- 16. By Unit 193
* SECURITY UPDATE: Denial of service vulnerability.
- d/p/0002-crash-in-url-auth:
This fixes a crash (NULL reference) in case URL Auth is used
and stream_auth is triggered with no credentials passed by the client.
Username and password are now set to empty strings and transmitted to
the backend server this way.
- CVE-2015-3026
* SECURITY UPDATE: Potentially leaks sensitive information.
- d/p/0001-disconnects_stdio_of_on_dis_connect_scripts:
Include patchset 19313 (close file handles for external scripts).
- CVE-2014-9018
* SECURITY UPDATE: Potentially allows local users to gain
privileges via unspecified vectors.
- d/p/0003-override-supplementary-groups:
In case of <changeowner> only UID and GID were changed,
supplementary groups were left in place.
This is a potential security issue only if <changeowner> is used.
New behaviour is to set UID, GID and set supplementary groups
based on the UID.
Even in case of icecast remaining in supplementary group 0
this "only" gives it things like access to files that are owned
by group 0 and according to their umask. This is obviously bad,
but not as bad as UID 0 with all its other special rights.
- CVE-2014-9091
- 15. By Logan Rosen
* Merge from Debian unstable. Remaining changes:
- 1004_fix_xmlCleanupParser_splatter.patch: Make sure that
xmlCleanupParser() is only called once: on exit. Doing otherwise
potentially results in Bad Things (e.g., crashes that point
incorrectly to PulseAudio).
* Refresh patch.
- 14. By Lorenzo De Liso
* Merge from debian unstable, remaining changes:
- 1004_fix_xmlCleanupParser_splatter.patch: Make sure that
xmlCleanupParser() is only called once: on exit. Doing otherwise
potentially results in Bad Things (e.g., crashes that point
incorrectly to PulseAudio).
- 13. By Bhavani Shankar
* Merge from Debian testing. Remaining changes:
- 1004_fix_xmlCleanupParser_splatter.patch: Make sure that
xmlCleanupParser() is only called once: on exit. Doing otherwise
potentially results in Bad Things (e.g., crashes that point
incorrectly to PulseAudio).
- 12. By Colin Watson
* Resynchronise with Debian. Remaining changes:
- 1004_fix_xmlCleanupParser_splatter.patch: Make sure that
xmlCleanupParser() is only called once: on exit. Doing otherwise
potentially results in Bad Things (e.g., crashes that point
incorrectly to PulseAudio).
- 10. By Angel Abad
* Merge from debian unstable (LP: #687581). Remaining changes:
- 1004_fix_xmlCleanupParser_splatter.patch: Make sure that
xmlCleanupParser() is only called once: on exit. Doing otherwise
potentially results in Bad Things (e.g., crashes that point
incorrectly to PulseAudio).
- 9. By Daniel T Chen
1004_fix_xmlCleanupParser_splatter.patch: Make sure that
xmlCleanupParser() is only called once: on exit. Doing otherwise
potentially results in Bad Things (e.g., crashes that point
incorrectly to PulseAudio).
- 8. By Romain Beauxis
* Added patch to fix a memory leak.
Thanks to Gilles Pietri for reporting
and Jussi Kukkonen for providing a patch.
* Bumped standards version to 3.8.3
* Added doc-base registration.
- 7. By Jonas Smedegaard
* Add README.Debian mentioning the use of Subversion, CDBS, quilt and
DEB_MAINTAINER_MODE.
* Update CDBS snippets:
+ Add new snippet package-relations.mk.
+ Consistently use underscore (not dash) in variables.
+ Implement fail-source-not-repackaged rule in upstream-tarball.mk.
+ Update URL to draft DEP5 format in copyright-check.mk output.
* Resolve, cleanup and apply CDBS-declared dependencies using
package-relations.mk.
* Build-depend on autotools-dev.
* Merge multiple build-dependencies on cdbs. Closes: bug#550227, thanks
to Stefan Ritter.
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp://qastaging/ubuntu/wily/icecast2