[ubuntu/xenial-security] sox 14.4.1-5+deb8u4ubuntu0.1 (Accepted)

Eduardo dos Santos Barretto eduardo.barretto at canonical.com
Tue Jul 30 19:04:31 UTC 2019

sox (14.4.1-5+deb8u4ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Merge from Debian
    - Fixes:
      - CVE-2019-8354
      - CVE-2019-8356
      - CVE-2019-8357
    - Fixes overwritten by Debian:
      - CVE-2017-11332
      - CVE-2017-11358
      - CVE-2017-11359
      - CVE-2017-15370
      - CVE-2017-15371
      - CVE-2017-15372
      - CVE-2017-15642
      - CVE-2017-18189
    - Ignored Debian's "override_dh_strip" in debian/rules as this change was
      made by mistake

sox (14.4.1-5+deb8u4) jessie-security; urgency=medium

  * Non-maintainer upload by the LTS Team.
  * CVE-2019-8354, CVE-2019-8355: buffer overflow in valloc functions.
  * CVE-2019-8356: stack-based buffer overflow in bitrv2().
  * CVE-2019-8357: NULL pointer dereference in lsx_make_lpf().

sox (14.4.1-5+deb8u3) jessie-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2017-15371: reachable assertion in sox_append_comment() (formats.c)
    (Closes: #878809).
  * CVE-2017-11359: divide-by-zero error wavwritehdr function (wav.c)
    (Closes: #870328).
  * CVE-2017-11332: divide-by-zero error in startread function (wav.c).
  * CVE-2017-11358: invalid memory read in read_samples function (hcom.c).

sox (14.4.1-5+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2017-15370: heap-based buffer overflow in the ImaExpandS function
    of ima_rw.c (Closes: #878810).
  * CVE-2017-15372: stack-based buffer overflow in the
    lsx_ms_adpcm_block_expand_i function of adpcm.c (Closes: #878808).
  * CVE-2017-18189: null pointer dereference caused by corrupt header
    specifying zero channels, sending read_channels() into an infinite loop
    (Closes: #881121).
  * CVE-2017-15642: use-after-free in output_message, triggered by crafted
    aiff file (Closes: #882144).

sox (14.4.1-5+deb8u1) jessie-security; urgency=medium

  * Non-maintainer upload.
  * Add patches for CVE-2014-8145 to series file and really apply fixes.
    Thanks to Mike Salvatore for spotting the issue. (Closes: #773720)

Date: 2019-07-30 17:01:14.288185+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list