[Git][security-tracker-team/security-tracker][master] sox DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Feb 20 18:59:44 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6145b00 by Moritz Mühlenhoff at 2023-02-20T19:58:57+01:00
sox DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -61155,13 +61155,11 @@ CVE-2022-31652
 CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in ...)
 	{DLA-3315-1}
 	- sox 14.4.2+git20190427-3.1 (bug #1012516)
-	[bullseye] - sox <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/sox/bugs/360/
 	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwri ...)
 	{DLA-3315-1}
 	- sox 14.4.2+git20190427-3.1 (bug #1012516)
-	[bullseye] - sox <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/sox/bugs/360/
 	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2022-31649 (ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Inf ...)
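Review bot: After the `[bullseye] - sox <no-dsa> (Minor issue)` lines are dropped from CVE-2022-31651 and CVE-2022-31650, both entries still carry only `{DLA-3315-1}` as their cross-reference and have no bullseye line at all. If the `{...}` line is not regenerated from data/DSA/list, add DSA-5356-1 to it so these entries tie back to the advisory that fixes them in 14.4.2+git20190427-2+deb11u1.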
@@ -120471,7 +120469,6 @@ CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in
 CVE-2021-3643 (A flaw was found in sox 14.4.1. The lsx_adpcm_init function within lib ...)
 	{DLA-3315-1}
 	- sox 14.4.2+git20190427-3.2 (bug #1010374)
-	[bullseye] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980626
 	NOTE: Triggered by same reproducer as for CVE-2021-23210
 	NOTE: https://sourceforge.net/p/sox/bugs/351/
@@ -127280,7 +127277,6 @@ CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not han
 CVE-2021-23210 (A floating point exception (divide-by-zero) issue was discovered in So ...)
 	{DLA-3315-1}
 	- sox 14.4.2+git20190427-3.2 (bug #1010374)
-	[bullseye] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
 	NOTE: https://sourceforge.net/p/sox/bugs/351/
 	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Feb 2023] DSA-5356-1 sox - security update
+	{CVE-2021-3643 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651}
+	[bullseye] - sox 14.4.2+git20190427-2+deb11u1
 [18 Feb 2023] DSA-5355-1 thunderbird - security update
 	{CVE-2022-46871 CVE-2022-46877 CVE-2023-0430 CVE-2023-0616 CVE-2023-0767 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25735 CVE-2023-25737 CVE-2023-25739 CVE-2023-25742 CVE-2023-25744 CVE-2023-25746}
 	[bullseye] - thunderbird 1:102.8.0-1~deb11u1
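Review bot: The CVE set on the DSA-5356-1 line names eight CVEs, but the data/CVE/list hunks in this commit remove a bullseye `<no-dsa>` line from only four of them (CVE-2021-3643, CVE-2021-23210, CVE-2022-31650, CVE-2022-31651). Check the entries for CVE-2021-23159, CVE-2021-23172, CVE-2021-33844 and CVE-2021-40426 for leftover bullseye annotations that would contradict this advisory.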


=====================================
data/dsa-needed.txt
=====================================
@@ -56,9 +56,6 @@ samba
 sofia-sip
   Maintainer proposed debdiff for review with additional question and sent a followup
 --
-sox (jmm)
-  patch needed for CVE-2021-40426, check with upstream
---
 tiff (aron)
 --
 xrdp
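Review bot: The removed sox entry said a patch for CVE-2021-40426 was still needed and had to be checked with upstream, and nothing visible in this commit records how that was settled. Since DSA-5356-1 lists CVE-2021-40426 as fixed, consider adding a NOTE to that CVE's entry in data/CVE/list pointing at the patch that was used.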



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6145b0031de33e3acb93c4c6511b3beacd1e3de
