shairport-sync: security bump to version 3.1.4
The bundled tinysvcmdns library is affected by CVE-2017-12087 [1]:
> An exploitable heap overflow vulnerability exists in the tinysvcmdns library
> version 2016-07-18. A specially crafted packet can make the library overwrite
> an arbitrary amount of data on the heap with attacker controlled values. An
> attacker needs send a dns packet to trigger this vulnerability.
shairport-sync has incorparated upstreams fixes in [2].
[1] https://bugs.launchpad.net/bugs/cve/2017-12087
[2] https://github.com/mikebrady/shairport-sync/commit/
1dbdf94811b8315705dbac5ba9199d417231c5d3
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
projects / buildroot.git / commit