shairport-sync: security bump to version 3.1.4 - buildroot

diff options

author	Jörg Krause <joerg.krause@embedded.rocks>	2017-11-23 20:36:41 +0100
committer	Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2017-11-23 21:10:53 +0100
commit	23c5f9c65485c15cf78f0e20c12c1749e24808f7 (patch)
tree	d7da613111f7e0ee7cc9f88b823085a9c407dc77 /package/python-mwclient
parent	9dd25fe977867a2e7ef1ba40c3cbd12953ecaf51 (diff)
download	buildroot-23c5f9c65485c15cf78f0e20c12c1749e24808f7.tar.gz buildroot-23c5f9c65485c15cf78f0e20c12c1749e24808f7.zip

shairport-sync: security bump to version 3.1.4

The bundled tinysvcmdns library is affected by CVE-2017-12087 [1]: > An exploitable heap overflow vulnerability exists in the tinysvcmdns library > version 2016-07-18. A specially crafted packet can make the library overwrite > an arbitrary amount of data on the heap with attacker controlled values. An > attacker needs send a dns packet to trigger this vulnerability. shairport-sync has incorparated upstreams fixes in [2]. [1] https://bugs.launchpad.net/bugs/cve/2017-12087 [2] https://github.com/mikebrady/shairport-sync/commit/1dbdf94811b8315705dbac5ba9199d417231c5d3 Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Diffstat (limited to 'package/python-mwclient')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: