[ubuntu/disco-security] sox 14.4.2-3ubuntu0.19.04.1 (Accepted)

Eduardo dos Santos Barretto eduardo.barretto at canonical.com
Thu Aug 1 23:23:47 UTC 2019


sox (14.4.2-3ubuntu0.19.04.1) disco-security; urgency=medium

  * SECURITY UPDATE: Integer overflow on the result of multiplication fed into
    malloc.
    - debian/patches/CVE-2019-8354.patch: fix possible buffer size overflow in
      lsx_make_lpf()
    - CVE-2019-8354
  * SECURITY UPDATE: Integer overflow on the result of multiplication fed into
    lsx_valloc macro that wraps malloc.
    - debian/patches/CVE-2019-8355.patch: fix possible overflow in
      lsx_(re)valloc() size calculation
    - CVE-2019-8355
  * SECURITY UPDATE: Stack-based buffer overflow can lead to write access
    outside of the statically declared array.
    - debian/patches/CVE-2019-8356.patch: fft4g bail if size too large.
    - CVE-2019-8356
  * SECURITY UPDATE: NULL pointer dereference in lsx_make_lpf.
    - debian/patches/CVE-2019-8357.patch: fix possible null pointer deref in
      lsx_make_lpf()
    - CVE-2019-8357

Date: 2019-08-01 20:59:19.692425+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/sox/14.4.2-3ubuntu0.19.04.1