On Mon, Dec 22, 2014 at 10:55 AM, Salvatore Bonaccorso
<car...@debian.org> wrote:
> Source: sox
> Version: 14.3.1-1
> Severity: grave
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for sox.
>
> CVE-2014-8145[0]:
> two heap-based buffer overflows
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2014-8145
> [1] http://www.ocert.org/advisories/ocert-2014-010.html
>
> Patches are not yet attached/referenced in the advisory, but should be
> referenced in upstream git repository soon.

Hi,
 I've a package ready for wheezy-security and I've notified the security team.

However, before uploading it I've been waiting for their permission as
the documentation says. I have yet to hear from the team.

Note that I have not prepared a package for oldstable, I am suppose to
do that as well?

-Pascal
-- 
Homepage (http://organact.mine.nu)
Debian GNU/Linux (http://www.debian.org)
COMunité/LACIME: École de technologie supérieure (http://www.comunite.ca)
ISIP Laboratory: McGill (http://www.isip.ece.mcgill.ca)


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to