On Mon, Jun 27, 2022 at 05:08:21PM +0200, Moritz Muehlenhoff wrote:
> The only relevant open CVE ID for sox is CVE-2021-40426, the other ones
> are completely negligible. But it's unclear to which extent CVE-2021-40426
> was reported upstream,
> https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
> mentions "2022-01-14 - Follow up with vendor; vendor acknowledged", but it's
> e.g. not found in the existing bug tracker, so I think reporting it in their
> tracker with a question of the status of a patch is a sensible first step.
> If they state they are too busy, work could resume on writing one.

Thank you! I opened https://sourceforge.net/p/sox/bugs/362/ and marked
all other CVEs as no-dsa.

Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enr...@enricozini.org>