[Git][security-tracker-team/security-tracker][master] Track fixed version for vorbis-tools issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 13 12:41:28 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d560a7ad by Salvatore Bonaccorso at 2025-04-13T13:40:09+02:00
Track fixed version for vorbis-tools issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -151456,7 +151456,7 @@ CVE-2023-43835 (Super Store Finder 3.7 and below is vulnerable to authenticated
CVE-2023-43627 (Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earl ...)
NOT-FOR-US: ACERA firmware
CVE-2023-43361 (Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local a ...)
- - vorbis-tools <unfixed> (unimportant)
+ - vorbis-tools 1.4.3-1 (unimportant)
NOTE: Crash in CLI tool, no security impact
NOTE: https://github.com/xiph/vorbis-tools/issues/41
NOTE: https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
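Review bot: The new fixed version on the CVE-2023-43361 line (`- vorbis-tools 1.4.3-1 (unimportant)`) is not backed by any of the NOTE lines kept beneath it. They link the upstream issue and merge request 7, but do not say that the merge request landed in the 1.4.3 release. Consider adding a NOTE that names the fixing upstream commit or release, so the version can be checked from the entry alone.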
@@ -564055,7 +564055,7 @@ CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 a
NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
NOTE: https://github.com/mansr/sox/commit/7405bcaacb1ded8c595cb751d407cf738cb26571
CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...)
- - vorbis-tools <unfixed> (unimportant)
+ - vorbis-tools 1.4.3-1 (unimportant)
NOTE: The issue is "covered" by the fix applied in 0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
NOTE: still the return of malloc is not checked.
NOTE: http://seclists.org/fulldisclosure/2017/Jul/80
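Review bot: On the CVE-2017-11331 entry, the retained NOTEs no longer line up with the new `1.4.3-1` fixed version. One credits 0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch for covering the issue, and the next says the return of malloc is still not checked. Neither explains why 1.4.3-1 is the version where the entry stops being `<unfixed>`. Consider adding a NOTE stating what in 1.4.3 addresses the issue, and update or drop the malloc remark if it no longer applies to that version.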
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d560a7ad14aa5f086ed810af20c654fa1280176d