[Git][security-tracker-team/security-tracker][master] 2 commits: Add sox to dla-needed.txt
Markus Koschany
apo at debian.org
Sat Feb 2 12:57:00 GMT 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4ab5417 by Markus Koschany at 2019-02-02T12:54:31Z
Add sox to dla-needed.txt
- - - - -
63e661c7 by Markus Koschany at 2019-02-02T12:56:17Z
Remove sox no-dsa tags.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -51700,7 +51700,6 @@ CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) throug
{DLA-1197-1}
- sox 14.4.2-2 (bug #881121)
[stretch] - sox <no-dsa> (Minor issue)
- [jessie] - sox <no-dsa> (Minor issue)
NOTE: https://public-inbox.org/sox-devel/20171109114554.16297-1-mans@mansr.com/raw
CVE-2018-7049 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There ...)
NOT-FOR-US: Wowza Streaming Engine
@@ -77099,7 +77098,6 @@ CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, t
{DLA-1197-1}
- sox 14.4.2-2 (bug #882144)
[stretch] - sox <no-dsa> (Minor issue)
- [jessie] - sox <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/sox/bugs/298/
CVE-2017-15641
RESERVED
@@ -77872,19 +77870,16 @@ CVE-2017-15372 (There is a stack-based buffer overflow in the ...)
{DLA-1197-1}
- sox 14.4.2-2 (bug #878808)
[stretch] - sox <no-dsa> (Minor issue)
- [jessie] - sox <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
CVE-2017-15371 (There is a reachable assertion abort in the function ...)
{DLA-1197-1}
- sox 14.4.2-2 (bug #878809)
[stretch] - sox <no-dsa> (Minor issue)
- [jessie] - sox <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...)
{DLA-1197-1}
- sox 14.4.2-2 (bug #878810)
[stretch] - sox <no-dsa> (Minor issue)
- [jessie] - sox <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500554
CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF ...)
- mupdf <not-affected> (Vulnerable code introduced later)
@@ -90209,14 +90204,12 @@ CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2
{DLA-1197-1}
- sox 14.4.2-2 (bug #870328)
[stretch] - sox <no-dsa> (Minor issue)
- [jessie] - sox <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 ...)
{DLA-1197-1}
- sox 14.4.2-2 (bug #870328)
[stretch] - sox <no-dsa> (Minor issue)
- [jessie] - sox <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not ...)
@@ -90351,7 +90344,6 @@ CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 a
{DLA-1197-1}
- sox 14.4.2-2 (bug #870328)
[stretch] - sox <no-dsa> (Minor issue)
- [jessie] - sox <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...)
=====================================
data/dla-needed.txt
=====================================
@@ -126,6 +126,10 @@ qemu (Hugo Lefeuvre)
--
rdesktop (Emilio)
--
+sox
+ NOTE:20190202: Fixed in Buster, Stretch will be fixed via point update. Used
+ NOTE: by sponsors. (apo)
+--
symfony (Roberto C. Sánchez)
NOTE: 20190128: Working on resolving FTFBS with feedback received from mailing list (roberto)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0023e6e4583b56e182571b3ba03f11d548a719aa...63e661c78947bd19fc03f75e474d7d16e20fdebc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0023e6e4583b56e182571b3ba03f11d548a719aa...63e661c78947bd19fc03f75e474d7d16e20fdebc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190202/c2b0cf2e/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list