Commits
Jörg Krause committed 23c5f9c6548
shairport-sync: security bump to version 3.1.4 The bundled tinysvcmdns library is affected by CVE-2017-12087 [1]: > An exploitable heap overflow vulnerability exists in the tinysvcmdns library > version 2016-07-18. A specially crafted packet can make the library overwrite > an arbitrary amount of data on the heap with attacker controlled values. An > attacker needs send a dns packet to trigger this vulnerability. shairport-sync has incorparated upstreams fixes in [2]. [1] https://bugs.launchpad.net/bugs/cve/2017-12087 [2] https://github.com/mikebrady/shairport-sync/commit/1dbdf94811b8315705dbac5ba9199d417231c5d3 Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>