-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5847-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 21, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : snapcast
CVE ID         : CVE-2023-36177

It was discovered that the JSON RPC interface of the server componenent
of Snapcast, a multi-room client-server audio player, allowed the
execution of arbitrary code.

For the stable distribution (bookworm), this problem has been fixed in
version 0.26.0+dfsg1-1+deb12u1.

We recommend that you upgrade your snapcast packages.

For the detailed security status of snapcast please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/snapcast

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmeP9ZEACgkQEMKTtsN8
TjardxAAvEnDOkrG9PWltWiBQNm0KzRZ06PgqD08BHGmDiEQE2fz/DzSb3Gt5C5m
SzoP1JKHhP7nWo/HjuJMILJJhRlxVOaSi3o+U45H+0BbH+VHa+qUrpPHDARuXsuk
exScqEPdH1lqC5v26h6SFyOS4SFsk6vTzGJhLCkVKU+Yxtq91eDSPqnUzvt1Uw1P
eDiX8fhCnm9mqj5uvIIt4zd+AJs0xJ79Bq/oKNgrlj02FQQf3qIXXqHw7CjCPXl1
BBN30gPLO9ibvKQlK5fsTuKwUNZsu3qdY/hTQ9qg+F4XKtETO5A65rVJWsaR8hEj
DLZeeyfw09FDwSvRABr8E5NNsonZvVUlhd2TEd7KWLVh0Ne39WA8dB0bdf2ZvcAX
Us0857CsoeLYic5JCNbxhg9A2mZFSkZl+vsKurmIWIOzDyBSxaFC0HzHbB5n2syj
uUEdKuX1sw7ZT9N+tvCxfsPAYQS2Ysikjz5gqcqe/pNXnPuZsXHw5zkHlqEmMxwo
igXEVSmJdn4dOQi3pB/TBTj6GnavgLvje9bMQih3AHcviZuaE1zNETvXsLDnJOzi
JozDj6Au5ggkOjdf+yhV1XLkRO9kRsVTyRR+Pxt9C2X6qz8sTj8IMeq1XY/fCJna
S4bwCy+tDuL0iZ1qWHUlLGNlmwsLENm4d+CXLaqZNVNC9QiKYwI=
=W/aT
-----END PGP SIGNATURE-----