src:shairport-sync: CVE-2017-12087 in bundled tinysvcmdns

Related Vulnerabilities: CVE-2017-12087  

Debian Bug report logs - #882508
src:shairport-sync: CVE-2017-12087 in bundled tinysvcmdns


Reported by: Chris Boot <bootc@debian.org>

Date: Thu, 23 Nov 2017 15:15:02 UTC

Owned by: bootc@debian.org

Severity: minor

Tags: patch, security, upstream

Found in version shairport-sync/3.1.3-1~exp1

Fixed in version shairport-sync/3.1.4-1

Done: Chris Boot <bootc@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/mikebrady/shairport-sync/issues/619



Report forwarded to debian-bugs-dist@lists.debian.org, bootc@debian.org:
Bug#882508; Package src:shairport-sync. (Thu, 23 Nov 2017 15:15:05 GMT)


Acknowledgement sent to Chris Boot <bootc@debian.org>:
New Bug report received and forwarded. Copy sent to bootc@debian.org. (Thu, 23 Nov 2017 15:15:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Chris Boot <bootc@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: src:shairport-sync: CVE-2017-12087 in bundled tinysvcmdns
Date: Thu, 23 Nov 2017 15:14:17 +0000
Package: src:shairport-sync
Severity: minor
Tags: patch upstream security
Owner: bootc@debian.org
Forwarded: https://github.com/mikebrady/shairport-sync/issues/619

I'm raising this bug as the maintainer of shairport-sync for tracking
this security issue in shairport-sync. The bug does NOT affect the
Debian binary packages of shairport-sync because tinysvcmdns is not used
in Debian.



Reply sent to Chris Boot <bootc@debian.org>:
You have taken responsibility. (Fri, 24 Nov 2017 10:51:08 GMT)


Notification sent to Chris Boot <bootc@debian.org>:
Bug acknowledged by developer. (Fri, 24 Nov 2017 10:51:08 GMT)


Message #10 received at 882508-close@bugs.debian.org:

From: Chris Boot <bootc@debian.org>
To: 882508-close@bugs.debian.org
Subject: Bug#882508: fixed in shairport-sync 3.1.4-1
Date: Fri, 24 Nov 2017 10:48:50 +0000
Source: shairport-sync
Source-Version: 3.1.4-1

We believe that the bug you reported is fixed in the latest version of
shairport-sync, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882508@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Boot <bootc@debian.org> (supplier of updated shairport-sync package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 24 Nov 2017 10:21:43 +0000
Source: shairport-sync
Binary: shairport-sync
Architecture: source
Version: 3.1.4-1
Distribution: unstable
Urgency: medium
Maintainer: Chris Boot <bootc@debian.org>
Changed-By: Chris Boot <bootc@debian.org>
Description:
 shairport-sync - AirPlay audio player
Closes: 882508
Changes:
 shairport-sync (3.1.4-1) unstable; urgency=medium
 .
   * New upstream release:
     - Fixes CVE-2017-12087 (Closes: #882508)
       Please note that Debian binary packages are unaffected by this security
       issue: the issue is present in a source file that is not built into the
       binary included in Debian packages.
   * Upload to unstable.




Marked as found in versions shairport-sync/3.1.3-1~exp1. Request was from Chris Boot <bootc@debian.org> to control@bugs.debian.org. (Fri, 24 Nov 2017 11:00:06 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Dec 2017 07:25:41 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:45:25 2019; Machine Name: buxtehude
