2008
mt-daapd (0.2.4+r1376-1.1+etch2) stable-security; urgency=high
* Non-maintainer upload by the security team
* Correct logic flaw in 04_upstream_CVE-2007-5824_CVE-2007-5825.dpatch
which broke authentication; thanks to Martijn Plak
<martijn@plak.net> for the report and fix.
-- Devin Carraway <devin@debian.org> Thu, 28 Aug 2008 05:32:21 -0700
mt-daapd (0.2.4+r1376-1.1+etch1) stable-security; urgency=high
* Non-maintainer upload by the security team
* Apply backport of upstream fixes for two related
vulnerabilities (Closes: #459961):
+ CVE-2007-5824: Remote denial-of-service through a null pointer
dereference in src/webserver.c's authorization header handling
+ CVE-2007-5825: Remote arbitrary code execution through a format
string vulnerability in authorization header of an /xml-rpc request
* Apply fix from Nico Golde <nion@debian.org> for CVE-2008-1771, an
integer overflow vulnerability also in src/webserver.c, potentially
enabling execution of arbitrary code (Closes: #476241)
-- Devin Carraway <devin@debian.org> Mon, 9 Jun 2008 06:36:18 +0000
2006
mt-daapd (0.2.4+r1376-1) unstable; urgency=low
* Initial release. (closes: #357244, #294922, #285789)
* Note that this release does not contain the source files that are
under APSL license. mt-daapd gets built using Avahi (howl
compatibility layer.)
-- Joshua Kwan <joshk@triplehelix.org> Tue, 5 Sep 2006 18:09:38 -0700