[Git][security-tracker-team/security-tracker][master] Reference oss-security post with patches for sox issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 4 09:00:03 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
917fef3b by Salvatore Bonaccorso at 2023-02-04T09:59:30+01:00
Reference oss-security post with patches for sox issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58138,12 +58138,14 @@ CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in rat
 	[buster] - sox <no-dsa> (Minor issue)
 	[stretch] - sox <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/sox/bugs/360/
+	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwri ...)
 	- sox 14.4.2+git20190427-3.1 (bug #1012516)
 	[bullseye] - sox <no-dsa> (Minor issue)
 	[buster] - sox <no-dsa> (Minor issue)
 	[stretch] - sox <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/sox/bugs/360/
+	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2022-31649 (ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Inf ...)
 	- owncloud <removed>
 CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross-Site S ...)
@@ -108030,6 +108032,7 @@ CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the sphere.
 	- sox 14.4.2+git20190427-3.1 (bug #1012138)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
 	NOTE: https://sourceforge.net/p/sox/bugs/362/
+	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-40425 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
 	NOT-FOR-US: Webroot
 CVE-2021-40424 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
@@ -117427,6 +117430,7 @@ CVE-2021-3643 (A flaw was found in sox 14.4.1. The lsx_adpcm_init function withi
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980626
 	NOTE: Triggered by same reproducer as for CVE-2021-23210
 	NOTE: https://sourceforge.net/p/sox/bugs/351/
+	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-38193 (An issue was discovered in the ammonia crate before 3.1.0 for Rust. XS ...)
 	- rust-ammonia 3.1.2-1 (bug #991497)
 	NOTE: https://github.com/rust-ammonia/ammonia/commit/4b8426b89b861d9bea20e126576b0febb9d13515
@@ -124225,6 +124229,7 @@ CVE-2021-33844 (A floating point exception (divide-by-zero) issue was discovered
 	- sox 14.4.2+git20190427-3.1 (bug #1021135)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664
 	NOTE: https://sourceforge.net/p/sox/bugs/349/
+	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...)
 	NOT-FOR-US: Circutor SGE-PLC1000 firmware
 CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...)
@@ -124236,14 +124241,17 @@ CVE-2021-23210 (A floating point exception (divide-by-zero) issue was discovered
 	[stretch] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
 	NOTE: https://sourceforge.net/p/sox/bugs/351/
+	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs  ...)
 	- sox 14.4.2+git20190427-3.1 (bug #1021134)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666
 	NOTE: https://sourceforge.net/p/sox/bugs/350/
+	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs  ...)
 	- sox 14.4.2+git20190427-3.1 (bug #1021133)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671
 	NOTE: https://sourceforge.net/p/sox/bugs/352/
+	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...)
 	NOT-FOR-US: Luca
 CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/917fef3b49bc9306f9b91c870d2f037ec84d8dd2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/917fef3b49bc9306f9b91c870d2f037ec84d8dd2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230204/ab41b05f/attachment.htm>

More information about the debian-security-tracker-commits mailing list