[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-50798/sox: bullseye postponed

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Sat Jan 3 11:02:33 GMT 2026 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e97c147a by Sylvain Beucler at 2026-01-03T11:53:28+01:00
CVE-2022-50798/sox: bullseye postponed

- - - - -
a85abd2f by Sylvain Beucler at 2026-01-03T12:02:23+01:00
dla: add curl

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2126,6 +2126,7 @@ CVE-2022-50798 (SoX 14.4.2 contains a division by zero vulnerability when handli
 	- sox <unfixed>
 	[trixie] - sox <no-dsa> (Minor issue)
 	[bookworm] - sox <no-dsa> (Minor issue)
+	[bullseye] - sox <postponed> (Minor issue, DoS)
 	NOTE: https://www.exploit-db.com/exploits/51034
 	NOTE: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5712.php
 CVE-2022-50796 (SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote ...)


=====================================
data/dla-needed.txt
=====================================
@@ -73,6 +73,14 @@ ckeditor
 containerd
   NOTE: 20251113: Added by Front-Desk (ta)
 --
+curl
+  NOTE: 20260103: Added by Front-Desk (Beuc)
+  NOTE: 20260103: @puer-robustus prepared a patch for bullseye:
+  NOTE: 20260103: https://salsa.debian.org/debian/curl/-/merge_requests/57
+  NOTE: 20260103: There's also an OSPU:
+  NOTE: 20260103: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124568
+  NOTE: 20260103: Please coordinate with him to upload to LTS (Beuc/front-desk)
+--
 dcmtk (Markus Koschany)
   NOTE: 20251229: Added by Front-Desk (apo)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8022b65ca8d55dcc1abf25e13a775a1bf28f84e9...a85abd2f71636797fd893d4b2dcfe8758b75e532

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8022b65ca8d55dcc1abf25e13a775a1bf28f84e9...a85abd2f71636797fd893d4b2dcfe8758b75e532
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260103/a3c1f8e9/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list