Version 3.2d13 – Development Version, Important Security Update
Pre-release
Pre-release
·
3764 commits
to development
since this release
Security Update
- The version of
tinysvcmdns
bundled in Shairport Sync has a buffer overflow bug: "An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability." The vulnerability is addressed by additional checking on packet sizes. See also CVE-2017-12087 and Vulnerability in tinysvcmdns.
Thanks and Chris Boot for fixing this bug.
Continuing experiments with D-Bus and MPRIS
support. As before, please note that the implementation is likely to change greatly or be removed at any time.