[Bug 1729668] Re: Vulnerability in tinysvcmdns
Thanks for investigating and reporting upstream, Chris. It does indeed look like our packages should just be plain rebuilds, so I'll mark this 'Won't Fix'. (None of the descriptions feel quite right, but I do think it's fair to say that probably no one's going to bundle fixes for something that we don't build.) Thanks ** Changed in: shairport-sync (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1729668 Title: Vulnerability in tinysvcmdns To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1729668] Re: Vulnerability in tinysvcmdns
** Changed in: shairport-sync (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1729668 Title: Vulnerability in tinysvcmdns To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1729668] Re: Vulnerability in tinysvcmdns
** Changed in: shairport-sync (Debian) Status: Unknown => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1729668 Title: Vulnerability in tinysvcmdns To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1729668] Re: Vulnerability in tinysvcmdns
Reported upstream: https://github.com/mikebrady/shairport-sync/issues/619 Pull requests for upstream development and master branches: https://github.com/mikebrady/shairport-sync/pull/620 https://github.com/mikebrady/shairport-sync/pull/621 ** Bug watch added: Debian Bug tracker #882508 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882508 ** Also affects: shairport-sync (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882508 Importance: Unknown Status: Unknown ** Bug watch added: github.com/mikebrady/shairport-sync/issues #619 https://github.com/mikebrady/shairport-sync/issues/619 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1729668 Title: Vulnerability in tinysvcmdns To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1729668] Re: Vulnerability in tinysvcmdns
I maintain shairport-sync in Debian. The shairport-sync package in Debian is built with Avahi for mDNS and doesn't use the bundled tinysvcmdns. As far as I can tell, the Ubuntu version is a straight rebuild and thus should also be unaffected. Yes, the vulnerable code is in the source but the built binaries should not include it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1729668 Title: Vulnerability in tinysvcmdns To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1729668] Re: Vulnerability in tinysvcmdns
The attachment "tinysvcmdns-heapoverflow.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1729668 Title: Vulnerability in tinysvcmdns To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1729668] Re: Vulnerability in tinysvcmdns
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1729668 Title: Vulnerability in tinysvcmdns To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs