From: Mike Brady <mikebrady@eircom.net>
Date: Thu, 23 Nov 2017 15:48:14 +0000 (+0000)
Subject: Update RELEASENOTES.md
X-Git-Tag: 3.2d13~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3108fae08a9fae06eea5a8fc0276d6246b0ed53e;p=thirdparty%2Fshairport-sync.git

Update RELEASENOTES.md
---

diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index c46ba790..b58624db 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -2,8 +2,8 @@ Version 3.2d13
 ====
 **Security Update**
 
-* The version of `tinysvcmdns` bundled in Shairport Sync has a buffer overflow bug: *"An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability."* The vulnerability is addressed  by additional checking on packet sizes. See also [Vulnerability in tinysvcmdns](https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668). CVE-2017-12087.
-Thanks and [Chris Boot](https://github.com/bootc) for fixing this bug. 
+* The version of `tinysvcmdns` bundled in Shairport Sync has a buffer overflow bug: *"An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability."* The vulnerability is addressed  by additional checking on packet sizes. See also [CVE-2017-12087](https://bugs.launchpad.net/bugs/cve/2017-12087) and [Vulnerability in tinysvcmdns](https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668).
+Thanks and [Chris Boot](https://github.com/bootc) for fixing this bug.
 
 Version 3.2d12
 ====