Hi Pascal, On Mon, Dec 22, 2014 at 11:06:20AM -0500, Pascal Giard wrote: > On Mon, Dec 22, 2014 at 10:55 AM, Salvatore Bonaccorso > <car...@debian.org> wrote: > > Source: sox > > Version: 14.3.1-1 > > Severity: grave > > Tags: security upstream > > > > Hi, > > > > the following vulnerability was published for sox. > > > > CVE-2014-8145[0]: > > two heap-based buffer overflows > > > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > For further information see: > > > > [0] https://security-tracker.debian.org/tracker/CVE-2014-8145 > > [1] http://www.ocert.org/advisories/ocert-2014-010.html > > > > Patches are not yet attached/referenced in the advisory, but should be > > referenced in upstream git repository soon. > > Hi, > I've a package ready for wheezy-security and I've notified the security team. > > However, before uploading it I've been waiting for their permission as > the documentation says. I have yet to hear from the team.
Jupp, thats fine, I have seen it. I will follow-up on the other mail shortly. > Note that I have not prepared a package for oldstable, I am suppose to > do that as well? If you want yes, the following link gives the documentation for it https://wiki.debian.org/LTS/Development . Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
