[Git][security-tracker-team/security-tracker][master] 2 commits: Add sox to dla-needed.txt

Sat Feb 2 12:57:00 GMT 2019

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4ab5417 by Markus Koschany at 2019-02-02T12:54:31Z
Add sox to dla-needed.txt

- - - - -
63e661c7 by Markus Koschany at 2019-02-02T12:56:17Z
Remove sox no-dsa tags.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -51700,7 +51700,6 @@ CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) throug
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #881121)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://public-inbox.org/sox-devel/20171109114554.16297-1-mans@mansr.com/raw
 CVE-2018-7049 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There ...)
 	NOT-FOR-US: Wowza Streaming Engine
@@ -77099,7 +77098,6 @@ CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, t
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #882144)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/sox/bugs/298/
 CVE-2017-15641
 	RESERVED
@@ -77872,19 +77870,16 @@ CVE-2017-15372 (There is a stack-based buffer overflow in the ...)
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #878808)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
 CVE-2017-15371 (There is a reachable assertion abort in the function ...)
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #878809)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...)
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #878810)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500554
 CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF ...)
 	- mupdf <not-affected> (Vulnerable code introduced later)
@@ -90209,14 +90204,12 @@ CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #870328)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
 	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
 CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 ...)
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #870328)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
 	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
 CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not ...)
@@ -90351,7 +90344,6 @@ CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 a
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #870328)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
 	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
 CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...)


=====================================
data/dla-needed.txt
=====================================
@@ -126,6 +126,10 @@ qemu (Hugo Lefeuvre)
 --
 rdesktop (Emilio)
 --
+sox
+  NOTE:20190202: Fixed in Buster, Stretch will be fixed via point update. Used
+  NOTE: by sponsors. (apo)
+--
 symfony (Roberto C. Sánchez)
   NOTE: 20190128: Working on resolving FTFBS with feedback received from mailing list (roberto)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0023e6e4583b56e182571b3ba03f11d548a719aa...63e661c78947bd19fc03f75e474d7d16e20fdebc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0023e6e4583b56e182571b3ba03f11d548a719aa...63e661c78947bd19fc03f75e474d7d16e20fdebc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190202/c2b0cf2e/attachment-0001.html>
