Your message dated Fri, 24 Nov 2017 09:21:30 +0000
with message-id <e1eiaas-0001ds...@fasolo.debian.org>
and subject line Bug#878808: fixed in sox 14.4.2-2
has caused the Debian Bug report #878808,
regarding sox: CVE-2017-15372: stack-buffer-overflow src/adpcm.c:126 in lsx_ms_adpcm_block_expand_i
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
878808: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878808
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sox
Version: 14.4.1-5
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for sox.

CVE-2017-15372[0]:
| There is a stack-based buffer overflow in the
| lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX)
| 14.4.2. A crafted input will lead to a denial of service attack during
| conversion of an audio file.

With an ASAN build and

./src/sox ~/01-stack-overflow out.snd

=================================================================
==4852==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff9b73d8a4 at pc 0x7fae2c9b322d bp 0x7fff9b73d7e0 sp 0x7fff9b73d7d8
WRITE of size 2 at 0x7fff9b73d8a4 thread T0
    #0 0x7fae2c9b322c in lsx_ms_adpcm_block_expand_i src/adpcm.c:126
    #1 0x7fae2c9b672b in AdpcmReadBlock src/wav.c:176
    #2 0x7fae2c9bd5b0 in read_samples src/wav.c:1029
    #3 0x7fae2c88e1fb in sox_read src/formats.c:973
    #4 0x406096 in sox_read_wide src/sox.c:490
    #5 0x406a6e in combiner_drain src/sox.c:552
    #6 0x7fae2c8c1fe1 in drain_effect src/effects.c:318
    #7 0x7fae2c8c2ffe in sox_flow_effects src/effects.c:387
    #8 0x4122da in process src/sox.c:1794
    #9 0x41b386 in main src/sox.c:3012
    #10 0x7fae2bd622e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #11 0x402f49 in _start (/root/sox-14.4.1/src/.libs/sox+0x402f49)

Address 0x7fff9b73d8a4 is located in stack of thread T0 at offset 68 in frame
    #0 0x7fae2c9b3063 in lsx_ms_adpcm_block_expand_i src/adpcm.c:112

  This frame has 1 object(s):
    [32, 64) 'state' <== Memory access at offset 68 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow src/adpcm.c:126 in lsx_ms_adpcm_block_expand_i
Shadow bytes around the buggy address:
  0x1000736dfac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000736dfad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000736dfae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000736dfaf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000736dfb00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x1000736dfb10: 00 00 00 00[f3]f3 f3 f3 00 00 00 00 00 00 00 00
  0x1000736dfb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000736dfb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000736dfb40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000736dfb50: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
  0x1000736dfb60: f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f3 f3 f3 f3 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==4852==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15372
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15372
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1500553

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
01-stack-overflow
Description: Wave audio
--- End Message ---
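The following triage helper is an added example, not code from the bug report, from Debian or from SoX. It parses the AddressSanitizer report quoted in the message above into the fields a maintainer needs when matching a CVE to a fix: the error class, the kind and size of the faulting access, the function and source line where it happens, the call chain that led there, and the stack object that was overrun together with how far the access reaches past its end. The regular expressions follow the report layout ASan prints; the sample text is the report from the message above, reflowed onto separate lines, with the shadow-byte dump omitted.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# The ASan report quoted in the bug report above, reflowed onto the separate
# lines AddressSanitizer prints (shadow-byte dump omitted).
ASAN_REPORT = """\
==4852==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff9b73d8a4 at pc 0x7fae2c9b322d bp 0x7fff9b73d7e0 sp 0x7fff9b73d7d8
WRITE of size 2 at 0x7fff9b73d8a4 thread T0
    #0 0x7fae2c9b322c in lsx_ms_adpcm_block_expand_i src/adpcm.c:126
    #1 0x7fae2c9b672b in AdpcmReadBlock src/wav.c:176
    #2 0x7fae2c9bd5b0 in read_samples src/wav.c:1029
    #3 0x7fae2c88e1fb in sox_read src/formats.c:973
    #4 0x406096 in sox_read_wide src/sox.c:490
Address 0x7fff9b73d8a4 is located in stack of thread T0 at offset 68 in frame
    #0 0x7fae2c9b3063 in lsx_ms_adpcm_block_expand_i src/adpcm.c:112
  This frame has 1 object(s):
    [32, 64) 'state' <== Memory access at offset 68 overflows this variable
SUMMARY: AddressSanitizer: stack-buffer-overflow src/adpcm.c:126 in lsx_ms_adpcm_block_expand_i
"""

# Patterns for the report sections ASan emits for a stack-buffer-overflow.
ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address 0x[0-9a-f]+")
ACCESS_RE = re.compile(r"^(?P<op>READ|WRITE) of size (?P<size>\d+) at 0x[0-9a-f]+", re.M)
FRAME_RE = re.compile(r"^\s*#(?P<n>\d+) 0x[0-9a-f]+ in (?P<func>\S+) (?P<file>[^:\s]+):(?P<line>\d+)", re.M)
OFFSET_RE = re.compile(r"is located in stack of thread T\d+ at offset (?P<off>\d+) in frame")
OBJECT_RE = re.compile(r"^\s*\[(?P<lo>\d+), (?P<hi>\d+)\) '(?P<name>\w+)'", re.M)


@dataclass
class AsanFinding:
    kind: str            # e.g. "stack-buffer-overflow"
    op: str              # "READ" or "WRITE"; a WRITE past a stack object is the more serious class
    size: int            # bytes accessed
    func: str            # function containing the faulting access
    file: str
    line: int
    access_offset: int   # offset of the access within the frame
    object_name: str     # the stack object ASan says is overflowed
    object_lo: int       # object occupies [object_lo, object_hi) in the frame
    object_hi: int

    def bytes_past_end(self) -> int:
        """How far the end of the access lies beyond the end of the object."""
        return self.access_offset + self.size - self.object_hi


def call_stack(text: str) -> List[Tuple[str, str, int]]:
    """Frames of the faulting call stack, outermost last, with source locations."""
    stack_part = text.split("\nAddress ", 1)[0]   # stop before the frame-description section
    return [(m["func"], m["file"], int(m["line"])) for m in FRAME_RE.finditer(stack_part)]


def parse_asan_report(text: str) -> AsanFinding:
    """Extract the triage-relevant fields from an ASan stack-buffer-overflow report."""
    err, acc, frame = ERROR_RE.search(text), ACCESS_RE.search(text), FRAME_RE.search(text)
    off, obj = OFFSET_RE.search(text), OBJECT_RE.search(text)
    if not (err and acc and frame and off and obj):
        raise ValueError("not a stack-buffer-overflow report with a frame description")
    return AsanFinding(
        kind=err["kind"], op=acc["op"], size=int(acc["size"]),
        func=frame["func"], file=frame["file"], line=int(frame["line"]),
        access_offset=int(off["off"]),
        object_name=obj["name"], object_lo=int(obj["lo"]), object_hi=int(obj["hi"]),
    )


def triage_summary(f: AsanFinding) -> str:
    """One-line summary suitable for a bug or changelog entry."""
    return (f"{f.kind}: {f.op} of {f.size} byte(s) in {f.func} ({f.file}:{f.line}); "
            f"'{f.object_name}' occupies [{f.object_lo}, {f.object_hi}) but the access at "
            f"offset {f.access_offset} ends {f.bytes_past_end()} byte(s) past its end")


if __name__ == "__main__":
    finding = parse_asan_report(ASAN_REPORT)
    print(triage_summary(finding))
    for func, path, line in call_stack(ASAN_REPORT):
        print(f"  {func} at {path}:{line}")
```

For the report above this yields a two-byte write in lsx_ms_adpcm_block_expand_i at src/adpcm.c:126 whose end lies 6 bytes beyond the 32-byte 'state' object, reached from the WAV reader (AdpcmReadBlock in src/wav.c). That the access is a write rather than a read is the detail worth recording: it means adjacent stack data is corrupted, which is why such a bug is tracked as a security issue and not only as a crash.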
--- Begin Message ---
Source: sox
Source-Version: 14.4.2-2

We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jaromír Mikeš <mira.mi...@seznam.cz> (supplier of updated sox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Nov 2017 09:12:48 +0100
Source: sox
Binary: sox libsox3 libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev
Architecture: source
Version: 14.4.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Jaromír Mikeš <mira.mi...@seznam.cz>
Description:
 libsox-dev - Development files for the SoX library
 libsox-fmt-all - All SoX format libraries
 libsox-fmt-alsa - SoX alsa format I/O library
 libsox-fmt-ao - SoX Libao format I/O library
 libsox-fmt-base - Minimal set of SoX format libraries
 libsox-fmt-mp3 - SoX MP2 and MP3 format library
 libsox-fmt-oss - SoX OSS format I/O library
 libsox-fmt-pulse - SoX PulseAudio format I/O library
 libsox3    - SoX library of audio effects and processing
 sox        - Swiss army knife of sound processing
Closes: 878808 882144 882236
Changes:
 sox (14.4.2-2) unstable; urgency=medium
 .
   * Upload to unstable to start transition.
   * Add patch to fix CVE-2017-15372. (Closes: #878808)
   * Add patch to fix CVE-2017-15642. (Closes: #882144)
   * Add patch to fix CVE-2017-11333 in vorbis lib. (Closes: #882236)
Checksums-Sha1:
 b8ab4c36c8ec68dcbcd604bb7391a4180d4f5962 2758 sox_14.4.2-2.dsc
 287b90c95ac1cf1e505f302bab797411fc75c7c5 22864 sox_14.4.2-2.debian.tar.xz
 f7ff435ee3603350e01fc32ad1d6d549e41fdd7c 12434 sox_14.4.2-2_amd64.buildinfo
Checksums-Sha256:
 3fd4152facadfe95b14b2dba9ed273f8b613f9b6e0cc4508a204177480156776 2758 sox_14.4.2-2.dsc
 24ae960b7f5f00cb3fca668bbe5ea2d2b4619d953e8914240f5ce28104aa7e0c 22864 sox_14.4.2-2.debian.tar.xz
 3f3a36a467db4e4f74003de097a4025c079628c5a118f49a756b3d349b4d3324 12434 sox_14.4.2-2_amd64.buildinfo
Files:
 b712e055958a93008d7e87e4da7017fe 2758 sound optional sox_14.4.2-2.dsc
 4760968c44056b1600c8897ab66f0a0d 22864 sound optional sox_14.4.2-2.debian.tar.xz
 c6d792bdf47b24bb52f3daabc041ff5f 12434 sound optional sox_14.4.2-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCgAzFiEESlQ1E9LfY1GoF46jWwGUVeK4T6UFAloX1kkVHG1pcmEubWlr
ZXNAc2V6bmFtLmN6AAoJEFsBlFXiuE+lK70QALIckxm/FQ43TX6XCwOrRWnrZmAm
YhIbFds7NJCp6yaO5HczrpNZAD9brDVwkU4ZVYohwLK1pqk13hPcyiIPfTM3EG/h
/fXXJ1PQYgGbn+asbzgziP5k0BZBBBxRh4rH2ODKU4w7nlLmu/femJugBRTtpQ6e
rIX4kbUqix1FU88uoIqBXPRUrHsrhmQqcmzeVDCuM9Tuy6GoHQ/MzDfYbEOmNdd/
wnKQsIH/1zBm85y/+1DwT9C0X4eO8eEno1aLi6zKtVobZorhv/pT0oPmo8mamEqH
T2Bfw6fObGC8Ef+WBxMvU6NZVdM+FDmO1CfPMNDuJ5fIv5Ii3702o2qBSvlk6/2s
CslJlqUGmU4/ZY+6XgnY++qPdp32GszhwV8P7cPT+8LSXc3DbTdELhyu2cRVampn
+Xu1HPk06OpjHNOGng/v7bjrYbOrTqZUBqg8WHh9a6it8akOTGcAWXrL62tfrAOV
9iGJTQ5N5+DhxGkAg7O5S2NpSzWe0eghS/MHYMZ+aCWxxsIa3NErVjVTwPC1pP2p
uPrTPSJObvKiSOTbZPTpdENa+Q8KZe4TRM6T1EgxXFYEGKtutlnLZIcJDFfsb6DH
MoVnaldrWM8SKUiB8MBHLsy7FPiFSRs9LnwcRJ0r6c5ZcSs9IH7kJ4ISuAHCAKjX
eOIGe9+bUP25VbHk
=KDL4
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers