Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: a4ab5417 by Markus Koschany at 2019-02-02T12:54:31Z Add sox to dla-needed.txt - - - - - 63e661c7 by Markus Koschany at 2019-02-02T12:56:17Z Remove sox no-dsa tags. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -51700,7 +51700,6 @@ CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) throug {DLA-1197-1} - sox 14.4.2-2 (bug #881121) [stretch] - sox <no-dsa> (Minor issue) - [jessie] - sox <no-dsa> (Minor issue) NOTE: https://public-inbox.org/sox-devel/20171109114554.16297-1-m...@mansr.com/raw CVE-2018-7049 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There ...) NOT-FOR-US: Wowza Streaming Engine @@ -77099,7 +77098,6 @@ CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, t {DLA-1197-1} - sox 14.4.2-2 (bug #882144) [stretch] - sox <no-dsa> (Minor issue) - [jessie] - sox <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/sox/bugs/298/ CVE-2017-15641 RESERVED @@ -77872,19 +77870,16 @@ CVE-2017-15372 (There is a stack-based buffer overflow in the ...) {DLA-1197-1} - sox 14.4.2-2 (bug #878808) [stretch] - sox <no-dsa> (Minor issue) - [jessie] - sox <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553 CVE-2017-15371 (There is a reachable assertion abort in the function ...) {DLA-1197-1} - sox 14.4.2-2 (bug #878809) [stretch] - sox <no-dsa> (Minor issue) - [jessie] - sox <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...) {DLA-1197-1} - sox 14.4.2-2 (bug #878810) [stretch] - sox <no-dsa> (Minor issue) - [jessie] - sox <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500554 CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF ...) - mupdf <not-affected> (Vulnerable code introduced later) @@ -90209,14 +90204,12 @@ CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 {DLA-1197-1} - sox 14.4.2-2 (bug #870328) [stretch] - sox <no-dsa> (Minor issue) - [jessie] - sox <no-dsa> (Minor issue) NOTE: http://seclists.org/fulldisclosure/2017/Jul/81 NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/ CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 ...) {DLA-1197-1} - sox 14.4.2-2 (bug #870328) [stretch] - sox <no-dsa> (Minor issue) - [jessie] - sox <no-dsa> (Minor issue) NOTE: http://seclists.org/fulldisclosure/2017/Jul/81 NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/ CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not ...) @@ -90351,7 +90344,6 @@ CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 a {DLA-1197-1} - sox 14.4.2-2 (bug #870328) [stretch] - sox <no-dsa> (Minor issue) - [jessie] - sox <no-dsa> (Minor issue) NOTE: http://seclists.org/fulldisclosure/2017/Jul/81 NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/ CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...) ===================================== data/dla-needed.txt ===================================== @@ -126,6 +126,10 @@ qemu (Hugo Lefeuvre) -- rdesktop (Emilio) -- +sox + NOTE:20190202: Fixed in Buster, Stretch will be fixed via point update. Used + NOTE: by sponsors. (apo) +-- symfony (Roberto C. Sánchez) NOTE: 20190128: Working on resolving FTFBS with feedback received from mailing list (roberto) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0023e6e4583b56e182571b3ba03f11d548a719aa...63e661c78947bd19fc03f75e474d7d16e20fdebc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0023e6e4583b56e182571b3ba03f11d548a719aa...63e661c78947bd19fc03f75e474d7d16e20fdebc You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits