Important for getting rid of howl, this adds native avahi support. amd64 stable
x86 stable
ppc stable
sparc stable
vapier, any chance of doing this.. ? it's blocking phasing out of howl, unfortunately otherwise it's getting lastrited and keywords are lost.
Versions of mt-daapd prior to 0.2.4.1 are vulnerable. See CVE-2007-5824 (dos) and CVE-2007-5825 (remote code execution) Therefore, mt-daapd-0.2.4 must be patched or removed from the tree.
(In reply to comment #5) > Versions of mt-daapd prior to 0.2.4.1 are vulnerable. > See CVE-2007-5824 (dos) and CVE-2007-5825 (remote code execution) > > Therefore, mt-daapd-0.2.4 must be patched or removed from the tree. > Security, was there something needed to be done? Only arm and sh left here.
Thanks for letting us know. CVE-2007-5824: webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function. CVE-2007-5825: Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line.
GLSA request filed. This slipped through our grid because the vulnerabilities were announced in "FireFly Media Server". Sound, could you please edit the ebuilds to contain the new name in the ebuild description, so it can be found easier. Thank you!
GLSA 200712-18, thanks everyone.
