[Git][security-tracker-team/security-tracker][master] Opened issue upstream

Enrico Zini (@enrico) enrico at debian.org
Tue Jun 28 13:40:58 BST 2022



Enrico Zini pushed to branch master at Debian Security Tracker / security-tracker


Commits:
977af45f by Enrico Zini at 2022-06-28T14:40:46+02:00
Opened issue upstream

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -56785,6 +56785,7 @@ CVE-2021-40427
 CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the sphere.c star ...)
 	- sox <unfixed> (bug #1012138)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
+	NOTE: https://sourceforge.net/p/sox/bugs/362/
 CVE-2021-40425 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
 	NOT-FOR-US: Webroot
 CVE-2021-40424 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
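Review bot: The NOTE added under CVE-2021-40426 is a bare URL, so a reader of data/CVE/list cannot tell that it is the upstream bug report for the still-unfixed sox issue rather than another advisory like the Talos link above it. Consider adding a short label to the line, in the way the dla-needed.txt entry in this same commit describes it ("opened ... to track progress upstream").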


=====================================
data/dla-needed.txt
=====================================
@@ -279,11 +279,12 @@ snapd
   NOTE: 20220308: seems vulnerable at least to setup_private_mount,
   NOTE: 20220308: but double check (pochu)
 --
-sox (enrico)
+sox
   NOTE: 20220529: Programming language: C.
   NOTE: 20220326: CVE-2019-13590 is fixed in git (Anton)
   NOTE: 20220326: https://salsa.debian.org/lts-team/packages/sox
   NOTE: 20220326: fix for CVE-2021-40426 is not yet available (Anton)
+  NOTE: 20220628: opened https://sourceforge.net/p/sox/bugs/362/ to track progress upstream (enrico)
 --
 spip
   NOTE: 20220529: Programming language: PHP.
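Review bot: The header change from "sox (enrico)" to "sox" releases the claim on the package, but the commit message "Opened issue upstream" only describes the added NOTE. Since the existing notes say the fix for CVE-2021-40426 is not yet available, it would help to state in the commit message or in the new 20220628 NOTE that the package is being unclaimed while waiting on upstream, so whoever picks up sox next knows the state it was left in.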



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/977af45f0e94bf6764cc480662f44d2a18380c1d
