Multiple CVEs in 2.3.3-2ubuntu1 found in trusty

As seen http://people.canonical.com/~ubuntu-security/cve/pkg/icecast2.html there are multiple security issues. Several, if not all have been addressed in Debian.

Changelog of attached debdiff:

icecast2 (2.3.3-2ubuntu1.1) trusty; urgency=high

  * SECURITY UPDATE: Denial of service vulnerability.
    - d/p/0002-crash-in-url-auth:
      This fixes a crash (NULL reference) in case URL Auth is used
      and stream_auth is trigged with no credentials passed by the client.
      Username and password is now set to empty strings and transmited to
      the backend server this way.
    - CVE-2015-3026
  * SECURITY UPDATE: Potentially leaks sensitive information.
    - d/p/0001-disconnects_stdio_of_on_dis_connect_scripts:
      Include patchset 19313 (close file handles for external scripts).
    - CVE-2014-9018
  * SECURITY UPDATE: Potentially allows local users to gain
    privileges via unspecified vectors.
    - d/p/0003-override-supplementary-groups:
      In case of <changeowner> only UID and GID were changed,
      supplementary groups were left in place.
      This is a potential security issue only if <changeowner> is used.
      New behaviour is to set UID, GID and set supplementary groups
      based on the UID.
      Even in case of icecast remaining in supplementary group 0
      this "only" gives it things like access to files that are owned
      by group 0 and according to their umask. This is obviously bad,
      but not as bad as UID 0 with all its other special rights.
    - CVE-2014-9091

 -- Unit 193 <email address hidden> Tue, 28 Apr 2015 17:28:20 -0400