[Git][security-tracker-team/security-tracker][master] Track fixed version for some sox issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 3 18:19:52 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67d6d19a by Salvatore Bonaccorso at 2023-02-03T19:19:08+01:00
Track fixed version for some sox issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57996,13 +57996,13 @@ CVE-2022-31653
 CVE-2022-31652
 	RESERVED
 CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in ...)
-	- sox <unfixed> (bug #1012516)
+	- sox 14.4.2+git20190427-3.1 (bug #1012516)
 	[bullseye] - sox <no-dsa> (Minor issue)
 	[buster] - sox <no-dsa> (Minor issue)
 	[stretch] - sox <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/sox/bugs/360/
 CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwri ...)
-	- sox <unfixed> (bug #1012516)
+	- sox 14.4.2+git20190427-3.1 (bug #1012516)
 	[bullseye] - sox <no-dsa> (Minor issue)
 	[buster] - sox <no-dsa> (Minor issue)
 	[stretch] - sox <no-dsa> (Minor issue)
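Review bot: Neither changed sox line in this hunk gains a NOTE saying what fixed the issue in 14.4.2+git20190427-3.1; for CVE-2022-31651 the only NOTE still points at the upstream report (sourceforge bug 360). Both CVE-2022-31651 and CVE-2022-31650 rely on the same bug #1012516, so a NOTE per CVE naming the patch or commit that addresses it would let each fix be verified separately instead of being inferred from one bug closure.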
@@ -107892,7 +107892,7 @@ CVE-2021-40428
 CVE-2021-40427
 	RESERVED
 CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the sphere.c star ...)
-	- sox <unfixed> (bug #1012138)
+	- sox 14.4.2+git20190427-3.1 (bug #1012138)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
 	NOTE: https://sourceforge.net/p/sox/bugs/362/
 CVE-2021-40425 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
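Review bot: CVE-2021-40426 is described as a heap-based buffer overflow, and after this change the entry holds only the unstable fixed version and two NOTE links, with no per-release line. If the older suites are meant to remain open that is fine, but it should be a deliberate choice; otherwise record the triage decision for them in the same commit so the entry is complete.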
@@ -117285,7 +117285,7 @@ CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vul
 CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...)
 	NOT-FOR-US: Node is-email
 CVE-2021-3643 (A flaw was found in sox 14.4.1. The lsx_adpcm_init function within lib ...)
-	- sox <unfixed> (bug #1010374)
+	- sox 14.4.2+git20190427-3.1 (bug #1010374)
 	[bullseye] - sox <no-dsa> (Minor issue)
 	[buster] - sox <no-dsa> (Minor issue)
 	[stretch] - sox <no-dsa> (Minor issue)
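Review bot: Bug #1010374 on the changed CVE-2021-3643 line is the same bug recorded for CVE-2021-23210 later in this patch, yet the two descriptions differ (lsx_adpcm_init here, a divide-by-zero floating point exception there). It is worth confirming that the 14.4.2+git20190427-3.1 upload addresses both before marking each as fixed; the commit message "Track fixed version for some sox issues" does not say which changelog entry was checked.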
@@ -124087,7 +124087,7 @@ CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions han
 	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
 	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
 CVE-2021-33844 (A floating point exception (divide-by-zero) issue was discovered in So ...)
-	- sox <unfixed> (bug #1021135)
+	- sox 14.4.2+git20190427-3.1 (bug #1021135)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664
 	NOTE: https://sourceforge.net/p/sox/bugs/349/
 CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...)
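Review bot: The leading context of this hunk carries the same nettle commit NOTE twice on consecutive lines (commit 485b5e2820a057e873b1ba812fdb39cae4adf98c), directly above the CVE-2021-33844 entry being edited. The duplicate is not introduced here, but dropping one copy while touching this region would keep the list clean. The sox change itself follows the same pattern as the other entries in the patch.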
@@ -124095,18 +124095,18 @@ CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of
 CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...)
 	NOT-FOR-US: SGE-PLC1000 device
 CVE-2021-23210 (A floating point exception (divide-by-zero) issue was discovered in So ...)
-	- sox <unfixed> (bug #1010374)
+	- sox 14.4.2+git20190427-3.1 (bug #1010374)
 	[bullseye] - sox <no-dsa> (Minor issue)
 	[buster] - sox <no-dsa> (Minor issue)
 	[stretch] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
 	NOTE: https://sourceforge.net/p/sox/bugs/351/
 CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs  ...)
-	- sox <unfixed> (bug #1021134)
+	- sox 14.4.2+git20190427-3.1 (bug #1021134)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666
 	NOTE: https://sourceforge.net/p/sox/bugs/350/
 CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs  ...)
-	- sox <unfixed> (bug #1021133)
+	- sox 14.4.2+git20190427-3.1 (bug #1021133)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671
 	NOTE: https://sourceforge.net/p/sox/bugs/352/
 CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...)
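Review bot: The three entries changed in this hunk are not triaged consistently: CVE-2021-23210 keeps its [bullseye], [buster] and [stretch] lines marked <no-dsa> (Minor issue), while CVE-2021-23172 and CVE-2021-23159, both described as heap-buffer-overflow, get the unstable fixed version and nothing for the releases. Either add release lines for those two or leave them open on purpose; as written a reader cannot tell which was intended.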



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67d6d19a616afba32364c800c8947729b62e1bcc
