Your message dated Sat, 11 Nov 2023 17:36:14 +0000 with message-id <e1r1ru2-001viz...@fasolo.debian.org> and subject line Bug#1041112: fixed in sox 14.4.2+git20190427-4 has caused the Debian Bug report #1041112, regarding sox: CVE-2023-32627 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1041112: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041112 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: sox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for sox. CVE-2023-32627[0]: | A floating point exception vulnerability was found in sox, in the | read_samples function at sox/src/voc.c:334:18. This flaw can lead to | a denial of service. https://bugzilla.redhat.com/show_bug.cgi?id=2212282 https://sourceforge.net/p/sox/bugs/369/ If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-32627 https://www.cve.org/CVERecord?id=CVE-2023-32627 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---Source: sox Source-Version: 14.4.2+git20190427-4 Done: Sebastian Ramacher <sramac...@debian.org> We believe that the bug you reported is fixed in the latest version of sox, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1041...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher <sramac...@debian.org> (supplier of updated sox package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 11 Nov 2023 18:26:02 +0100 Source: sox Architecture: source Version: 14.4.2+git20190427-4 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org> Changed-By: Sebastian Ramacher <sramac...@debian.org> Closes: 1041112 Changes: sox (14.4.2+git20190427-4) unstable; urgency=medium . * Team upload . [ Debian Janitor ] * Update standards version to 4.6.1, no changes needed. * Avoid explicitly specifying -Wl,--as-needed linker flag. * Remove constraints unnecessary since buster (oldstable) . [ Sebastian Ramacher ] * debian/control: - Bump Standards-Version - Bump debhelper compat to 13 * debian/patches: Refresh patches . [ Bastien Roucariès ] * Add patch for CVE-2023-32627 (Closes: #1041112) Checksums-Sha1: 922719b81828da02c98fbec98fd6459e6fba0fe1 2273 sox_14.4.2+git20190427-4.dsc 9676e842ebb225fab2e5ed034d8a2cc10a2d31c6 28588 sox_14.4.2+git20190427-4.debian.tar.xz Checksums-Sha256: b32ff4c782a96097c865d138b01f7f6f47db29de8168c644d02ae47ac8baae46 2273 sox_14.4.2+git20190427-4.dsc 34f3616cdcda552b0d36f0ef80b74735cbc91846af403cc8adad0c8f9fc93039 28588 sox_14.4.2+git20190427-4.debian.tar.xz Files: b10cd5f1203bc8707bc61410971870a1 2273 sound optional sox_14.4.2+git20190427-4.dsc addc364ef522f59cc4da245ea5392848 28588 sound optional sox_14.4.2+git20190427-4.debian.tar.xz -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRCYn6EHZln2oPh+pAhk2s2YA/NiQUCZU+5zgAKCRAhk2s2YA/N iaofAQCVifaO2WtDi2k7I9GPzkuXXU4Fvu4TN3us010mvUB+QgEA5GyM4v4GwZPy bjAULPXf71Ipzx0rCsyCayzkg/VsSwk= =UTGi -----END PGP SIGNATURE-----
--- End Message ---
