[Git][security-tracker-team/security-tracker][master] add bugnum for sox

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62a82591 by Moritz Muehlenhoff at 2022-05-30T21:21:50+02:00
add bugnum for sox

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -49001,7 +49001,7 @@ CVE-2021-40428
 CVE-2021-40427
 	RESERVED
 CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the sphere.c star ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #1012138)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
 CVE-2021-40425 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
 	NOT-FOR-US: Webroot


=====================================
data/dsa-needed.txt
=====================================
@@ -49,6 +49,7 @@ slurm-wlm/stable
   Maintainer proposed an update for bullseye-security
 --
 sox
+  patch needed for CVE-2021-40426, check with upstream
 --
 spi (seb)
   2022-05-25: maintainer proposed debdiffs
@@ -59,8 +60,6 @@ unzip
   unclear information, initial report indicates writable memory corruption, but
   some identified patch is just for a NULL deref, needs more clarification
 --
-waitress (jmm)
---
 wordpress
 --
 webkit2gtk



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62a825919d63d2cadfeb6f834c635f96f871d66c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62a825919d63d2cadfeb6f834c635f96f871d66c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220530/3f7e9b21/attachment.htm>