[Git][security-tracker-team/security-tracker][master] 2 commits: Add sox to dla-needed.txt

Markus Koschany Sat, 02 Feb 2019 04:58:46 -0800

Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a4ab5417 by Markus Koschany at 2019-02-02T12:54:31Z
Add sox to dla-needed.txt

- - - - -
63e661c7 by Markus Koschany at 2019-02-02T12:56:17Z
Remove sox no-dsa tags.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -51700,7 +51700,6 @@ CVE-2017-18189 (In the startread function in xa.c in 
Sound eXchange (SoX) throug
        {DLA-1197-1}
        - sox 14.4.2-2 (bug #881121)
        [stretch] - sox <no-dsa> (Minor issue)
-       [jessie] - sox <no-dsa> (Minor issue)
        NOTE: 
https://public-inbox.org/sox-devel/20171109114554.16297-1-m...@mansr.com/raw
 CVE-2018-7049 (An issue was discovered in Wowza Streaming Engine before 4.7.1. 
There ...)
        NOT-FOR-US: Wowza Streaming Engine
@@ -77099,7 +77098,6 @@ CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound 
eXchange (SoX) 14.4.2, t
        {DLA-1197-1}
        - sox 14.4.2-2 (bug #882144)
        [stretch] - sox <no-dsa> (Minor issue)
-       [jessie] - sox <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/sox/bugs/298/
 CVE-2017-15641
        RESERVED
@@ -77872,19 +77870,16 @@ CVE-2017-15372 (There is a stack-based buffer 
overflow in the ...)
        {DLA-1197-1}
        - sox 14.4.2-2 (bug #878808)
        [stretch] - sox <no-dsa> (Minor issue)
-       [jessie] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
 CVE-2017-15371 (There is a reachable assertion abort in the function ...)
        {DLA-1197-1}
        - sox 14.4.2-2 (bug #878809)
        [stretch] - sox <no-dsa> (Minor issue)
-       [jessie] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS 
function of ...)
        {DLA-1197-1}
        - sox 14.4.2-2 (bug #878810)
        [stretch] - sox <no-dsa> (Minor issue)
-       [jessie] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500554
 CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex 
MuPDF ...)
        - mupdf <not-affected> (Vulnerable code introduced later)
@@ -90209,14 +90204,12 @@ CVE-2017-11359 (The wavwritehdr function in wav.c in 
Sound eXchange (SoX) 14.4.2
        {DLA-1197-1}
        - sox 14.4.2-2 (bug #870328)
        [stretch] - sox <no-dsa> (Minor issue)
-       [jessie] - sox <no-dsa> (Minor issue)
        NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
        NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
 CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 
14.4.2 ...)
        {DLA-1197-1}
        - sox 14.4.2-2 (bug #870328)
        [stretch] - sox <no-dsa> (Minor issue)
-       [jessie] - sox <no-dsa> (Minor issue)
        NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
        NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
 CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does 
not ...)
@@ -90351,7 +90344,6 @@ CVE-2017-11332 (The startread function in wav.c in 
Sound eXchange (SoX) 14.4.2 a
        {DLA-1197-1}
        - sox 14.4.2-2 (bug #870328)
        [stretch] - sox <no-dsa> (Minor issue)
-       [jessie] - sox <no-dsa> (Minor issue)
        NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
        NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
 CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org 
vorbis-tools 1.4.0 ...)


=====================================
data/dla-needed.txt
=====================================
@@ -126,6 +126,10 @@ qemu (Hugo Lefeuvre)
 --
 rdesktop (Emilio)
 --
+sox
+  NOTE:20190202: Fixed in Buster, Stretch will be fixed via point update. Used
+  NOTE: by sponsors. (apo)
+--
 symfony (Roberto C. Sánchez)
   NOTE: 20190128: Working on resolving FTFBS with feedback received from 
mailing list (roberto)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/0023e6e4583b56e182571b3ba03f11d548a719aa...63e661c78947bd19fc03f75e474d7d16e20fdebc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/0023e6e4583b56e182571b3ba03f11d548a719aa...63e661c78947bd19fc03f75e474d7d16e20fdebc
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Add sox to dla-needed.txt

Reply via email to