github mikebrady/shairport-sync 3.2d13
Version 3.2d13 – Development Version, Important Security Update

latest releases: 3.3.9, 4.1-dev, 4.0-dev...
pre-release4 years ago

Security Update

  • The version of tinysvcmdns bundled in Shairport Sync has a buffer overflow bug: "An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability." The vulnerability is addressed by additional checking on packet sizes. See also CVE-2017-12087 and Vulnerability in tinysvcmdns.
    Thanks and Chris Boot for fixing this bug.

Continuing experiments with D-Bus and MPRIS support. As before, please note that the implementation is likely to change greatly or be removed at any time.

Don't miss a new shairport-sync release

NewReleases is sending notifications on new releases.