Version 3.1.4 – Stable Version, Important Security Update
Security Update
- The version of tinysvcmdns bundled in Shairport Sync has a buffer overflow bug: "An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability." The vulnerability is addressed by additional checking on packet sizes. See also CVE-2017-12087 and Vulnerability in tinysvcmdns.
Thanks and Chris Boot for fixing this bug.
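The kind of packet-size checking described above, as an added example that is not code from tinysvcmdns or Shairport Sync: a DNS name copier that validates every length byte against both the received packet and the destination buffer before copying. The function name copy_dns_name and the sample packets are hypothetical and constructed for illustration; name compression is rejected rather than followed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not tinysvcmdns code: copy the uncompressed DNS name
 * at pkt[off] into out as a dotted string. Returns the packet bytes consumed,
 * or -1 if a label would run past the packet or past the output buffer. */
int copy_dns_name(const uint8_t *pkt, size_t pkt_len, size_t off,
                  char *out, size_t out_len)
{
    size_t pos = off, used = 0;
    if (out_len == 0)
        return -1;
    for (;;) {
        if (pos >= pkt_len)
            return -1;                 /* length byte lies outside the packet */
        size_t len = pkt[pos++];
        if (len == 0)
            break;                     /* root label ends the name */
        if (len > 63)
            return -1;                 /* pointer or invalid label: not handled here */
        if (len > pkt_len - pos)
            return -1;                 /* label claims more bytes than were received */
        if (used + len + 1 >= out_len)
            return -1;                 /* label, '.', and final NUL must all fit */
        memcpy(out + used, pkt + pos, len);
        used += len;
        out[used++] = '.';
        pos += len;
    }
    out[used] = '\0';
    return (int)(pos - off);
}

/* Constructed sample packets: one well-formed, one whose second label lies. */
static const uint8_t sample_ok[] = { 5,'_','r','a','o','p', 4,'_','t','c','p',
                                     5,'l','o','c','a','l', 0 };
static const uint8_t sample_truncated[] = { 5,'_','r','a','o','p', 40,'_','t','c','p' };

int main(void)
{
    char name[64];
    int n = copy_dns_name(sample_ok, sizeof sample_ok, 0, name, sizeof name);
    printf("%d %s\n", n, n < 0 ? "(rejected)" : name);
    n = copy_dns_name(sample_truncated, sizeof sample_truncated, 0, name, sizeof name);
    printf("%d %s\n", n, n < 0 ? "(rejected)" : name);
    return 0;
}
```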
Bug Fix
- Somewhere in version 3.x, the softvol plugin got broken, as the volume change is not applied anymore. It turned out that, for the softvol plugin, no volume() and parameters() are defined. Thanks to Jörg Krause for locating and fixing this bug.