Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

KCast / News: Recent posts

Summer lull

So anyway, this is the end of the summer. I realise very little happened on the KCast/Trout front over summer, however, I have just uploaded a little update to KCast in CVS which lets you use the downsampling feature of Trout from within KCast. Basically you need lame for it to work, but you can tell it to downsample all your MP3s on the fly so you can have a fixed, constant output bitrate even if your MP3s come in various shapes and sizes.... read more

Posted by James Thorniley 2002-10-03

Security risk

A major security risk was discovered in trout, so therefore kcast, this allowed the poison null byte problem to be used in combination with the HTML serving of trout to gain read and write access to any file within hte permissions of the user trout/kcast was run as.

This has been correct now, (kcast versions > 1.1 are fixed, as is the trout html.pl file if its cvs version is > 1.1)

If you had used the disable HTML option in kcast 1.1 then you should be safe, and with the latest version of kcast (1.2) you should be safe even if it is enabled.

Posted by Toby Gray 2001-10-04