On Mon, Dec 22, 2014 at 10:55 AM, Salvatore Bonaccorso <car...@debian.org> wrote: > Source: sox > Version: 14.3.1-1 > Severity: grave > Tags: security upstream > > Hi, > > the following vulnerability was published for sox. > > CVE-2014-8145[0]: > two heap-based buffer overflows > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2014-8145 > [1] http://www.ocert.org/advisories/ocert-2014-010.html > > Patches are not yet attached/referenced in the advisory, but should be > referenced in upstream git repository soon.
Hi, I've a package ready for wheezy-security and I've notified the security team. However, before uploading it I've been waiting for their permission as the documentation says. I have yet to hear from the team. Note that I have not prepared a package for oldstable, I am suppose to do that as well? -Pascal -- Homepage (http://organact.mine.nu) Debian GNU/Linux (http://www.debian.org) COMunité/LACIME: École de technologie supérieure (http://www.comunite.ca) ISIP Laboratory: McGill (http://www.isip.ece.mcgill.ca) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org