diff -u icecast2-2.3.2/debian/changelog icecast2-2.3.2/debian/changelog
--- icecast2-2.3.2/debian/changelog
+++ icecast2-2.3.2/debian/changelog
@@ -1,3 +1,12 @@
+icecast2 (2.3.2-5ubuntu2) lucid-security; urgency=low
+
+ * SECURITY UPDATE: Newline injection in error.log (LP: 894782)
+ - src/fserve.c: modify fserve_client_create to check for '\r', '\n'
+ and replace with an '_'.
+ - CVE-2011-4612
+
+ -- Zubin Mithra Tue, 21 Feb 2012 20:30:16 +0530
+
 icecast2 (2.3.2-5ubuntu1) lucid; urgency=low

 * 1004_fix_xmlCleanupParser_splatter.patch: Make sure that
only in patch2:
unchanged:
--- icecast2-2.3.2.orig/src/fserve.c
+++ icecast2-2.3.2/src/fserve.c
@@ -395,9 +395,22 @@
 int xspf_requested = 0, xspf_file_available = 1;
 ice_config_t *config;
 FILE *file;
+ int i;
+ char *filtered_path;

- fullpath = util_get_path_from_normalised_uri (path);
- INFO2 ("checking for file %s (%s)", path, fullpath);
+ /* Replace occurances of '\r' and '\n' with an '_' if any */
+ filtered_path = (char *)malloc(strlen(path));
+ for(i=0; path[i]!='\0'; ++i) {
+ if(path[i] == '\r' || path[i] == '\n') {
+ filtered_path[i] = '_';
+ }
+ else
+ filtered_path[i] = path[i];
+ }
+
+ fullpath = util_get_path_from_normalised_uri (filtered_path);
+ INFO2 ("checking for file %s (%s)", filtered_path, fullpath);
+ free(filtered_path);

 if (strcmp (util_get_extension (fullpath), "m3u") == 0)
 m3u_requested = 1;
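Review bot: `filtered_path` is never NUL-terminated in the src/fserve.c hunk: `malloc(strlen(path))` leaves no room for the terminator and the copy loop stops at `path[i]!='\0'` without writing one, so `util_get_path_from_normalised_uri (filtered_path)` and the `%s` in `INFO2` read past the end of the heap buffer. Allocate with `filtered_path = malloc(strlen(path) + 1);` and add `filtered_path[i] = '\0';` directly after the loop. The `malloc` result should also be checked before the loop writes through it, failing the request the way the rest of the function reports errors. The sanitised copy is freed right after this one log call and the function body continues outside the hunk, so any later log statement there that still prints `path` would presumably still accept CR/LF and is worth checking.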