Your message dated Wed, 24 Dec 2014 18:32:11 +0000
with message-id <e1y3qjd-0000fu...@franck.debian.org>
and subject line Bug#773720: fixed in sox 14.4.0-3+deb7u1
has caused the Debian Bug report #773720,
regarding sox: CVE-2014-8145
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
773720: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773720
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sox
Version: 14.3.1-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for sox.

CVE-2014-8145[0]:
two heap-based buffer overflows

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8145
[1] http://www.ocert.org/advisories/ocert-2014-010.html

Patches are not yet attached/referenced in the advisory, but should be
referenced in upstream git repository soon.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: sox
Source-Version: 14.4.0-3+deb7u1

We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pascal Giard <pas...@debian.org> (supplier of updated sox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 22 Dec 2014 12:25:43 -0500
Source: sox
Binary: sox libsox2 libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao libsox-fmt-ffmpeg libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev
Architecture: source
Version: 14.4.0-3+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Pascal Giard <pas...@debian.org>
Changed-By: Pascal Giard <pas...@debian.org>
Description:
 libsox-dev - Development files for the SoX library
 libsox-fmt-all - All SoX format libraries
 libsox-fmt-alsa - SoX alsa format I/O library
 libsox-fmt-ao - SoX Libao format I/O library
 libsox-fmt-base - Minimal set of SoX format libraries
 libsox-fmt-ffmpeg - SoX ffmpeg format library
 libsox-fmt-mp3 - SoX MP2 and MP3 format library
 libsox-fmt-oss - SoX OSS format I/O library
 libsox-fmt-pulse - SoX PulseAudio format I/O library
 libsox2    - SoX library of audio effects and processing
 sox        - Swiss army knife of sound processing
Closes: 773720
Changes:
 sox (14.4.0-3+deb7u1) wheezy-security; urgency=high
 .
   * Patches to fix memory corruptions on the heap, CVE-2014-8145
     (closes: #773720):
     + 0001-Check-for-minimum-size-sphere-headers.patch
     + 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
