Your message dated Mon, 04 Feb 2019 21:47:14 +0000
with message-id <[email protected]>
and subject line Bug#773720: fixed in sox 14.4.1-5+deb9u1
has caused the Debian Bug report #773720,
regarding sox: CVE-2014-8145
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
773720: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773720
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sox
Version: 14.3.1-1
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for sox.
CVE-2014-8145[0]:
two heap-based buffer overflows
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8145
[1] http://www.ocert.org/advisories/ocert-2014-010.html
Patches are not yet attached/referenced in the advisory, but should be
referenced in upstream git repository soon.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sox
Source-Version: 14.4.1-5+deb9u1
We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated sox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 01 Feb 2019 16:18:21 +0100
Source: sox
Binary: sox libsox2 libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao
libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev
Architecture: source
Version: 14.4.1-5+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Pascal Giard <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 773720
Description:
libsox-dev - Development files for the SoX library
libsox-fmt-all - All SoX format libraries
libsox-fmt-alsa - SoX alsa format I/O library
libsox-fmt-ao - SoX Libao format I/O library
libsox-fmt-base - Minimal set of SoX format libraries
libsox-fmt-mp3 - SoX MP2 and MP3 format library
libsox-fmt-oss - SoX OSS format I/O library
libsox-fmt-pulse - SoX PulseAudio format I/O library
libsox2 - SoX library of audio effects and processing
sox - Swiss army knife of sound processing
Changes:
sox (14.4.1-5+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add patches for CVE-2014-8145 to series file and really apply fixes.
Thanks to Mike Salvatore for spotting the issue. (Closes: #773720)
Checksums-Sha1:
dfe40844d1bdae2311ce0fcc47ad464733c5993b 2818 sox_14.4.1-5+deb9u1.dsc
451ae46dd8c14e5399338469b52fca16737fbd14 13520
sox_14.4.1-5+deb9u1.debian.tar.xz
Checksums-Sha256:
4b1ef19966c78a030e3f7101398d3af0d3af92153845d6182fd754feb62fc9a3 2818
sox_14.4.1-5+deb9u1.dsc
e485136bc8f34ea2b08f359856e20b4a2f902643cc20f79a4217feed08dd4476 13520
sox_14.4.1-5+deb9u1.debian.tar.xz
Files:
3e0dd0b71ce9c5956a6bcaeb14f10c7b 2818 sound optional sox_14.4.1-5+deb9u1.dsc
b5e66f8f193eb54eddd284f2f2363998 13520 sound optional
sox_14.4.1-5+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlxUbYpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EcY8P/2mB9Ue4nYPXv/+Zt0L9LVKxbsB3w8EI
hFXQnClmsLl112LzzRAH5y8AqspcKu6Os0SUAEX2xRhtC89feInoh3O2IHm1p3JD
hHG+GLlFMuMolvaPpk/2dqTyVStHE1ujf/grOCkIbqALbmTj1wRk49iFWuqSMR64
2e3onm15rlAkosd65ZKGLURsdSoW4YbwjSXgtHhxYpuXlDA/LmJMl5uVn//r4aHc
1C+hoov97ufOCyEMaMWk0TDoB5phbWio1/S/r73dQ2/OjFxAf16W4o2tDHP/lWRU
FYDlcn/e2isDKuSw7LPtCfFg06pCgHsnsNgGVk2hH3vsNKyPzWJXnZcTabt2PFKw
02C7cf5XFhLPkCNlU39gSnZbbATBhlume9+DwS+K7ymOUTprVGPeei4tVpSE3DcU
hjt0kTsiXK7B4gNq1vUc1zARc/yciNhG/TOgJ3K5XC4cLmi0e0OHyzOn34oaGXMV
Isjj5PklmjEJDkewh9bTkbV8DCVY5EFi7TNfQ+4+t/tfN3ZidVIqadBdRxGG/paU
8pd2LHnYi4T+CLDl9y/qHOIV7W/xTyU1Ctm9WcmIcDXiaH3wXgMXLyXCY2GbDjKc
pvp2I6ZJd8GG2s9YfWmSHTgTQN5GyQsQFuFip+Ao4YkpL4Xn6+/Mbgl6qIV0142A
Q/xBrR9xFxBd
=B3uc
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
