[Git][security-tracker-team/security-tracker][master] CVE-2017-113{32,58,59} and -15371: add upstream fixes

Hugo Lefeuvre hle at debian.org
Tue Mar 5 15:56:59 GMT 2019


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e5b7398 by Hugo Lefeuvre at 2019-03-05T15:56:21Z
CVE-2017-113{32,58,59} and -15371: add upstream fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83593,6 +83593,7 @@ CVE-2017-15371 (There is a reachable assertion abort in the function ...)
 	- sox 14.4.2-2 (bug #878809)
 	[stretch] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
+	NOTE: https://github.com/mansr/sox/commit/818bdd0ccc1e5b6cae742c740c17fd414935cf39
 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...)
 	{DLA-1695-1 DLA-1197-1}
 	- sox 14.4.2-2 (bug #878810)
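Review bot: the added NOTE under CVE-2017-15371 is a bare commit URL, so the entry itself does not say that it is the fix rather than one more reference like the Red Hat Bugzilla link above it. Prefix the URL with a short label stating that it is the upstream fix commit; at the moment only the commit message carries that information.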
@@ -95920,12 +95921,14 @@ CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2
 	[stretch] - sox <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
 	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
+	NOTE: https://github.com/mansr/sox/commit/8b590b3a52f4ccc4eea3f41b4a067c38b3565b60
 CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 ...)
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #870328)
 	[stretch] - sox <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
 	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
+	NOTE: https://github.com/mansr/sox/commit/6cb44a44b9eda6b321ccdbf6483348d4a9798b00
 CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not ...)
 	NOT-FOR-US: Progress Telerik UI
 CVE-2017-11356 (The application distribution export functionality in PEGA Platform 7.2 ...)
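Review bot: both added NOTE lines (under CVE-2017-11359 and CVE-2017-11358) link to github.com/mansr/sox, while the line directly above each one records the upstream bug report on sourceforge.net/p/sox. State in the note how that GitHub repository relates to upstream, or label the lines as the fix commits, so the two references do not appear to disagree about where upstream lives.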
@@ -96060,6 +96063,7 @@ CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 a
 	[stretch] - sox <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
 	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
+	NOTE: https://github.com/mansr/sox/commit/7405bcaacb1ded8c595cb751d407cf738cb26571
 CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...)
 	- vorbis-tools <unfixed> (unimportant)
 	NOTE: The issue is "covered" by the fix applied in 0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
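Review bot: the added NOTE under CVE-2017-11332 (startread in wav.c) sits beside the same upstream bug report, bugs/296, that is cited for CVE-2017-11359 (wavwritehdr, also wav.c) and CVE-2017-11358, and each of the three gets a different commit hash with nothing in the entry tying a hash to a function. Name the affected function or file in the note so the CVE-to-commit mapping can be checked without opening each link.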



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e5b739866b8c22c25b92c7039a4b04818896cea
