Thanks for investigating and reporting upstream, Chris. It does indeed
look like our packages should just be plain rebuilds, so I'll mark this
'Won't Fix'. (None of the descriptions feel quite right, but I do think
it's fair to say that probably no one's going to bundle fixes for
something that we
** Changed in: shairport-sync (Debian)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1729668
Title:
Vulnerability in tinysvcmdns
To manage notifications
** Changed in: shairport-sync (Debian)
Status: Unknown => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1729668
Title:
Vulnerability in tinysvcmdns
To manage notifications about
Reported upstream:
https://github.com/mikebrady/shairport-sync/issues/619
Pull requests for upstream development and master branches:
https://github.com/mikebrady/shairport-sync/pull/620
https://github.com/mikebrady/shairport-sync/pull/621
** Bug watch added: Debian Bug tracker #882508
I maintain shairport-sync in Debian. The shairport-sync package in
Debian is built with Avahi for mDNS and doesn't use the bundled
tinysvcmdns. As far as I can tell, the Ubuntu version is a straight
rebuild and thus should also be unaffected. Yes, the vulnerable code is
in the source but the built
The attachment "tinysvcmdns-heapoverflow.patch" seems to be a patch. If
it isn't, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1729668
Title:
Vulnerability in tinysvcmdns
To manage notifications about this
