sox (14.4.2-3ubuntu0.18.04.3) bionic-security; urgency=medium

  * SECURITY REGRESSION: Denial of Service
    - debian/patches/CVE-2021-33844.patch: fixed regression in wav-gsm
      decoding introduced via fixing CVE-2021-33844.
    - CVE-2021-33844

 -- Amir Naseredini <email address hidden>  Fri, 17 Mar 2023 16:56:11 +0000
sox (14.4.2-3ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2019-13590.patch: fixed a possible buffer overflow
      in startread function.
    - debian/patches/CVE-2021-23159.patch: fixed a possible buffer overflow
      in lsx_read_w_buf function (CVE-2021-23159) and in startread function
      (CVE-2021-23172)
    - debian/patches/CVE-2021-33844.patch: fixed a possible division by zero
      in startread function
    - debian/patches/CVE-2021-3643.patch: fixed a possible buffer overflow
      (CVE-2021-3643) and a possible division by zero (CVE-2021-23210) in
      voc component
    - debian/patches/CVE-2021-40426.patch: fixed a possible buffer overflow
      in start_read function
    - debian/patches/CVE-2022-31650.patch: fixed a possible floating-point
      exception in lsx_aiffstartwrite function
    - debian/patches/CVE-2022-31651.patch: fixed a possible assertion failure
      in rate_init function
    - debian/patches/fix-hcom-big-endian.patch: fixed a possible assertion
      failure in hcom component
    - debian/patches/fix-resource-leak-comments.patch: fixed a possible
      unexpected behaviour on input parsing failure in formats component
    - debian/patches/fix-resource-leak-hcom.patch: fixed a possible
      unexpected behaviour on failure in hcom component
    - CVE-2019-13590
    - CVE-2021-23159
    - CVE-2021-23172
    - CVE-2021-33844
    - CVE-2021-3643
    - CVE-2021-23210
    - CVE-2021-40426
    - CVE-2022-31650
    - CVE-2022-31651
  * SECURITY UPDATE: Regression
    - debian/patches/CVE-2017-11358-revised.patch: fixed a regression caused
      by another patch.
    - CVE-2017-11358

 -- Amir Naseredini <email address hidden>  Wed, 01 Mar 2023 10:21:11 +0000
sox (14.4.2-3ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow on the result of multiplication fed into
    malloc.
    - debian/patches/CVE-2019-8354.patch: fix possible buffer size overflow in
      lsx_make_lpf()
    - CVE-2019-8354
  * SECURITY UPDATE: Integer overflow on the result of multiplication fed into
    lsx_valloc macro that wraps malloc.
    - debian/patches/CVE-2019-8355.patch: fix possible overflow in
      lsx_(re)valloc() size calculation
    - CVE-2019-8355
  * SECURITY UPDATE: Stack-based buffer overflow can lead to write access
    outside of the statically declared array.
    - debian/patches/CVE-2019-8356.patch: fft4g bail if size too large.
    - CVE-2019-8356
  * SECURITY UPDATE: NULL pointer dereference in lsx_make_lpf.
    - debian/patches/CVE-2019-8357.patch: fix possible null pointer deref in
      lsx_make_lpf()
    - CVE-2019-8357

 -- Eduardo Barretto <email address hidden>  Thu, 01 Aug 2019 12:27:09 -0300
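The two "integer overflow on the result of multiplication fed into malloc" entries above (CVE-2019-8354 and CVE-2019-8355) describe the same defect class: an element count times an element size wraps around in `size_t`, so `malloc` receives a small number and hands back a buffer far shorter than the later writes assume. The following is an added example, not code from sox or from the Ubuntu patches; the helper names `mul_would_overflow`, `checked_mul_size`, `checked_array_alloc` and `unchecked_bytes` are hypothetical. It shows the silent wrap beside the check a size calculation should do before allocating.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not sox's lsx_valloc): returns 1 when
 * n * elem_size cannot be represented in size_t, 0 otherwise. */
int mul_would_overflow(size_t n, size_t elem_size)
{
    return elem_size != 0 && n > SIZE_MAX / elem_size;
}

/* Compute n * elem_size without wrapping.  Stores the product in *out and
 * returns 1 on success; returns 0 and leaves *out untouched on overflow. */
int checked_mul_size(size_t n, size_t elem_size, size_t *out)
{
    if (mul_would_overflow(n, elem_size))
        return 0;
    *out = n * elem_size;
    return 1;
}

/* Allocate n elements of elem_size bytes each.  Returns NULL when the byte
 * count would overflow or when malloc fails, so a caller can never receive
 * a buffer smaller than the element count it asked for. */
void *checked_array_alloc(size_t n, size_t elem_size)
{
    size_t bytes;
    if (!checked_mul_size(n, elem_size, &bytes))
        return NULL;
    return malloc(bytes ? bytes : 1);   /* keep n == 0 distinct from failure */
}

/* The unchecked pattern the changelog entries describe: unsigned
 * multiplication wraps modulo SIZE_MAX + 1, so a huge element count can
 * turn into a tiny allocation that later element writes overrun. */
size_t unchecked_bytes(size_t n, size_t elem_size)
{
    return n * elem_size;
}

int main(void)
{
    /* Constructed input: an element count chosen so that * 4 wraps to 4. */
    size_t huge = SIZE_MAX / 4 + 2;
    size_t bytes = 0;

    printf("unchecked: %zu elements * 4 -> %zu bytes (wrapped)\n",
           huge, unchecked_bytes(huge, 4));
    printf("checked:   overflow detected = %s\n",
           checked_mul_size(huge, 4, &bytes) ? "no" : "yes");

    int *ok = checked_array_alloc(1024, sizeof *ok);
    printf("checked:   1024 ints -> %s\n", ok ? "allocated" : "failed");
    free(ok);

    void *bad = checked_array_alloc(huge, 4);
    printf("checked:   huge * 4 -> %s\n", bad ? "allocated" : "refused");
    free(bad);
    return 0;
}
```

The division check `n > SIZE_MAX / elem_size` is the portable way to detect the wrap without relying on compiler builtins; on a 64-bit build the constructed count multiplies out to 4 bytes, on a 32-bit build likewise, which is exactly why a wrapped product is dangerous rather than merely wrong.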
sox (14.4.2-3) unstable; urgency=medium

  * Patch 0005 refreshed. (Closes: #882599)
  * Improve English in d/bug-presubj file. (Closes: #882601)
  * Bump Standards.
  * Use secure uri where possible.

 -- Jaromír Mikeš <email address hidden>  Mon, 18 Dec 2017 14:55:07 +0100
sox (14.4.2-2) unstable; urgency=medium

  * Upload to unstable to start transition.
  * Add patch to fix CVE-2017-15372. (Closes: #878808)
  * Add patch to fix CVE-2017-15642. (Closes: #882144)
  * Add patch to fix CVE-2017-11333 in vorbis lib. (Closes: #882236)

 -- Jaromír Mikeš <email address hidden>  Fri, 24 Nov 2017 09:12:48 +0100
sox (14.4.1-5build1) yakkety; urgency=medium

  * No-change rebuild for libpng soname change.

 -- Matthias Klose <email address hidden>  Sat, 23 Apr 2016 00:23:58 +0000