[ubuntu/bionic-updates] sox 14.4.2-3ubuntu0.18.04.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Mar 2 11:58:14 UTC 2023


sox (14.4.2-3ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2019-13590.patch: fixed a possible buffer overflow
      in startread function.
    - debian/patches/CVE-2021-23159.patch: fixed a possible buffer overflow
      in lsx_read_w_buf function (CVE-2021-23159) and in startread function
      (CVE-2021-23172)
    - debian/patches/CVE-2021-33844.patch: fixed a possible division by zero
      in startread function
    - debian/patches/CVE-2021-3643.patch: fixed a possible buffer overflow
      (CVE-2021-3643) and a possible division by zero (CVE-2021-23210) in
      voc component
    - debian/patches/CVE-2021-40426.patch: fixed a possible buffer overflow
      in start_read function
    - debian/patches/CVE-2022-31650.patch: fixed a possible floating-point
      exception in lsx_aiffstartwrite function
    - debian/patches/CVE-2022-31651.patch: fixed a possible assertion failure
      in rate_init function
    - debian/patches/fix-hcom-big-endian.patch: fixed a possible assertion
      failure in hcom component
    - debian/patches/fix-resource-leak-comments.patch: fixed a possible 
      unexpected behaviour on input parsing failure in formats component
    - debian/patches/fix-resource-leak-hcom.patch: fixed a possible
      unexpected behaviour on failure in hcom component
    - CVE-2019-13590
    - CVE-2021-23159
    - CVE-2021-23172
    - CVE-2021-33844
    - CVE-2021-3643
    - CVE-2021-23210
    - CVE-2021-40426
    - CVE-2022-31650
    - CVE-2022-31651
  * SECURITY UPDATE: Regression
    - debian/patches/CVE-2017-11358-revised.patch: fixed a regression caused
      by another patch.
    - CVE-2017-11358

Date: 2023-03-01 16:59:12.458503+00:00
Changed-By: Amir Naseredini <amir.naseredini at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/sox/14.4.2-3ubuntu0.18.04.2