Subject: CVS commit: pkgsrc/audio/icecast
From: Adam Ciarcinski
Date: 2016-02-09 08:02:54
Message id: 20160209070254.8F0A0FBB7@cvs.NetBSD.org
Log Message:
Changes 2.4.3:
Fixes CVE-2005-0837.
The vulnerability, identified as CVE-2005-0837, allows an attacker to access the
raw XSLT template file by appending a dot "." to the URL. Due to the
way Windows handles file names ending with a dot, it only affects Icecast
versions < 2.4.3 running on Windows. Icecast on other operating systems, like
Linux, wasn't affected at any time by this issue. If you haven't
modified the default XSLT files of a Windows installation, then no information
disclosure of real value could have happened. We expect that most, of the
comparatively few, Windows installations have unmodified template files and
thus, while technically vulnerable, only expose those unmodified templates. To
be clear, no runtime information can be accessed this way.
Files:
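
The trailing-dot behaviour described in the log message above, as an added example that is not Icecast's code or its actual fix: it assumes a server that picks the XSLT handler by file extension, and shows why a literal suffix check misses `status.xsl.` while a check made on the name Win32 will actually open (trailing dots and spaces dropped) does not. All function names and sample paths are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive test: do the first n bytes of s end with suffix? */
static int ends_with_ci(const char *s, size_t n, const char *suffix)
{
    size_t m = strlen(suffix);
    if (n < m)
        return 0;
    for (size_t i = 0; i < m; i++)
        if (tolower((unsigned char)s[n - m + i]) !=
            tolower((unsigned char)suffix[i]))
            return 0;
    return 1;
}

/* Naive dispatch (assumed design): only the literal end of the path counts. */
int naive_is_xslt(const char *path)
{
    return ends_with_ci(path, strlen(path), ".xsl");
}

/* Length of the path once trailing '.' and ' ' are dropped, mirroring how
 * Win32 path handling resolves "status.xsl." to the file "status.xsl". */
size_t win32_effective_len(const char *path)
{
    size_t n = strlen(path);
    while (n > 0 && (path[n - 1] == '.' || path[n - 1] == ' '))
        n--;
    return n;
}

/* Hardened dispatch: classify the name the file system will really open. */
int hardened_is_xslt(const char *path)
{
    return ends_with_ci(path, win32_effective_len(path), ".xsl");
}

int main(void)
{
    const char *samples[] = { "/status.xsl", "/status.xsl.", "/style.css" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s naive=%d hardened=%d\n", samples[i],
               naive_is_xslt(samples[i]), hardened_is_xslt(samples[i]));
    return 0;
}
```

A stricter server can instead refuse any request where `win32_effective_len(path) != strlen(path)`, since no legitimate URL needs the aliased form.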