NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e394b446f5
kumquat-buildroot/package/shairport-sync/shairport-sync.hash
Jörg Krause 23c5f9c654 shairport-sync: security bump to version 3.1.4 
The bundled tinysvcmdns library is affected by CVE-2017-12087 [1]:

> An exploitable heap overflow vulnerability exists in the tinysvcmdns library
> version 2016-07-18. A specially crafted packet can make the library overwrite
> an arbitrary amount of data on the heap with attacker controlled values. An
> attacker needs send a dns packet to trigger this vulnerability.

shairport-sync has incorparated upstreams fixes in [2].

[1] https://bugs.launchpad.net/bugs/cve/2017-12087
[2] 1dbdf94811

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-11-23 21:10:53 +01:00

3 lines
123 B
Plaintext
Raw Blame History

# Locally calculated
sha256 4c5a2ab40ef49896f5b6e59b20df4f621ebce47ee64d8571336f59820ae66379 shairport-sync-3.1.4.tar.gz
Reference in New Issue View Git Blame Copy Permalink