Your message dated Wed, 24 Dec 2014 21:52:53 +0000
with message-id <e1y3trr-00050a...@franck.debian.org>
and subject line Bug#773720: fixed in sox 14.4.1-5
has caused the Debian Bug report #773720,
regarding sox: CVE-2014-8145
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
773720: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773720
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sox
Version: 14.3.1-1
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for sox.
CVE-2014-8145[0]:
two heap-based buffer overflows
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8145
[1] http://www.ocert.org/advisories/ocert-2014-010.html
Patches are not yet attached/referenced in the advisory, but should be
referenced in upstream git repository soon.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sox
Source-Version: 14.4.1-5
We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 773...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pascal Giard <pas...@debian.org> (supplier of updated sox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 24 Dec 2014 14:33:55 -0500
Source: sox
Binary: sox libsox2 libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao
 libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev
Architecture: source amd64
Version: 14.4.1-5
Distribution: unstable
Urgency: medium
Maintainer: Pascal Giard <pas...@debian.org>
Changed-By: Pascal Giard <pas...@debian.org>
Description:
 libsox-dev - Development files for the SoX library
 libsox-fmt-all - All SoX format libraries
 libsox-fmt-alsa - SoX alsa format I/O library
 libsox-fmt-ao - SoX Libao format I/O library
 libsox-fmt-base - Minimal set of SoX format libraries
 libsox-fmt-mp3 - SoX MP2 and MP3 format library
 libsox-fmt-oss - SoX OSS format I/O library
 libsox-fmt-pulse - SoX PulseAudio format I/O library
 libsox2 - SoX library of audio effects and processing
 sox - Swiss army knife of sound processing
Closes: 773720
Changes:
 sox (14.4.1-5) unstable; urgency=medium
 .
   * Patches to fix memory corruptions on the heap, CVE-2014-8145
     (closes: #773720):
     + 0001-Check-for-minimum-size-sphere-headers.patch
     + 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---