[Secure-testing-commits] r58019 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Nov 25 14:03:18 UTC 2017
Author: carnil
Date: 2017-11-25 14:03:18 +0000 (Sat, 25 Nov 2017)
New Revision: 58019
Modified:
data/CVE/list
Log:
Add fixed version for CVE-2017-15372 and CVE-2017-15642 in sox
I'm specifically not adding CVE-2017-11333 since the CVE is specific to
libvorbis, though sox patches the included vorbis lib.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-25 13:59:20 UTC (rev 58018)
+++ data/CVE/list 2017-11-25 14:03:18 UTC (rev 58019)
@@ -3930,7 +3930,7 @@
[jessie] - musl <no-dsa> (Minor issue)
NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is ...)
- - sox <unfixed> (bug #882144)
+ - sox 4.4.2-2 (bug #882144)
[stretch] - sox <no-dsa> (Minor issue)
[jessie] - sox <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/sox/bugs/298/
@@ -4593,7 +4593,7 @@
CVE-2017-15373 (E-Sic 1.0 allows SQL injection via the q parameter to ...)
NOT-FOR-US: E-Sic
CVE-2017-15372 (There is a stack-based buffer overflow in the ...)
- - sox <unfixed> (bug #878808)
+ - sox 4.4.2-2 (bug #878808)
[stretch] - sox <no-dsa> (Minor issue)
[jessie] - sox <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
More information about the Secure-testing-commits
mailing list