Debian reported:
 
Steve Kemp discovered two vulnerabilities in gnump3d, a streaming
server for MP3 and OGG files.  The Common Vulnerabilities and
Exposures Project identifies the following problems:
 
CVE-2005-3122
 
    The 404 error page does not strip malicious javascript content
    from the resulting page, which would be executed in the victims
    browser.
 
CVE-2005-3123
 
    By using specially crafting URLs it is possible to read arbitary
    files to which the user of the streaming server has access to.