[ubuntu/disco-updates] sox 14.4.2-3ubuntu0.19.04.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Aug 1 23:58:10 UTC 2019
sox (14.4.2-3ubuntu0.19.04.1) disco-security; urgency=medium
* SECURITY UPDATE: Integer overflow on the result of multiplication fed into
malloc.
- debian/patches/CVE-2019-8354.patch: fix possible buffer size overflow in
lsx_make_lpf()
- CVE-2019-8354
* SECURITY UPDATE: Integer overflow on the result of multiplication fed into
lsx_valloc macro that wraps malloc.
- debian/patches/CVE-2019-8355.patch: fix possible overflow in
lsx_(re)valloc() size calculation
- CVE-2019-8355
* SECURITY UPDATE: Stack-based buffer overflow can lead to write access
outside of the statically declared array.
- debian/patches/CVE-2019-8356.patch: fft4g bail if size too large.
- CVE-2019-8356
* SECURITY UPDATE: NULL pointer deference in lsx_make_lpf.
- debian/patches/CVE-2019-8357.patch: fix possible null pointer deref in
lsx_make_lpf()
- CVE-2019-8357
Date: 2019-08-01 20:59:19.692425+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/sox/14.4.2-3ubuntu0.19.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list