shairport-sync: security bump to version 3.1.4

The bundled tinysvcmdns library is affected by CVE-2017-12087 [1]: > An exploitable heap overflow vulnerability exists in the tinysvcmdns library > version 2016-07-18. A specially crafted packet can make the library overwrite > an arbitrary amount of data on the heap with attacker controlled values. An > attacker needs send a dns packet to trigger this vulnerability. shairport-sync has incorparated upstreams fixes in [2]. [1] https://bugs.launchpad.net/bugs/cve/2017-12087 [2] 1dbdf94811 Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-11-23 20:36:41 +01:00 · 2017-11-23 20:36:41 +01:00 · 23c5f9c654
commit 23c5f9c654
parent 9dd25fe977
2 changed files with 2 additions and 2 deletions
--- a/package/shairport-sync/shairport-sync.hash
+++ b/package/shairport-sync/shairport-sync.hash
@ -1,2 +1,2 @@
 # Locally calculated
-sha256  dd0484d7e8ee7631aee78c78b3762abbdba7ec3f2ee8cd6c1e361544c1414da3  shairport-sync-3.1.3.tar.gz
+sha256  4c5a2ab40ef49896f5b6e59b20df4f621ebce47ee64d8571336f59820ae66379  shairport-sync-3.1.4.tar.gz
--- a/package/shairport-sync/shairport-sync.mk
+++ b/package/shairport-sync/shairport-sync.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-SHAIRPORT_SYNC_VERSION = 3.1.3
+SHAIRPORT_SYNC_VERSION = 3.1.4
 SHAIRPORT_SYNC_SITE = $(call github,mikebrady,shairport-sync,$(SHAIRPORT_SYNC_VERSION))

 SHAIRPORT_SYNC_LICENSE = MIT, BSD-3-Clause