Your message dated Sat, 03 Jan 2015 18:52:17 +0000
with message-id <e1y7to9-0002uq...@franck.debian.org>
and subject line Bug#773720: fixed in sox 14.3.1-1+deb6u1
has caused the Debian Bug report #773720,
regarding sox: CVE-2014-8145
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
773720: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773720
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sox
Version: 14.3.1-1
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for sox.
CVE-2014-8145[0]:
two heap-based buffer overflows
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8145
[1] http://www.ocert.org/advisories/ocert-2014-010.html
Patches are not yet attached/referenced in the advisory, but should be
referenced in upstream git repository soon.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sox
Source-Version: 14.3.1-1+deb6u1
We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 773...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated sox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 03 Dec 2015 19:33:00 +0100
Source: sox
Binary: sox libsox1b libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao
libsox-fmt-ffmpeg libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all
libsox-dev
Architecture: source i386
Version: 14.3.1-1+deb6u1
Distribution: squeeze-lts
Urgency: medium
Maintainer: Pascal Giard <pas...@debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Description:
libsox-dev - Development files for the SoX library
libsox-fmt-all - All SoX format libraries
libsox-fmt-alsa - SoX alsa format I/O library
libsox-fmt-ao - SoX Libao format I/O library
libsox-fmt-base - Minimal set of SoX format libraries
libsox-fmt-ffmpeg - SoX ffmpeg format library
libsox-fmt-mp3 - SoX MP3 format library
libsox-fmt-oss - SoX OSS format I/O library
libsox-fmt-pulse - SoX PulseAudio format I/O library
libsox1b - SoX library of audio effects and processing
sox - Swiss army knife of sound processing
Closes: 773720
Changes:
sox (14.3.1-1+deb6u1) squeeze-lts; urgency=medium
.
* Non-maintainer upload by the Squeeze LTS Team.
* Patches to fix memory corruptions on the heap, CVE-2014-8145
(closes: #773720):
+ 0001-Check-for-minimum-size-sphere-headers.patch
+ 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---