Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 917fef3b by Salvatore Bonaccorso at 2023-02-04T09:59:30+01:00 Reference oss-security post with patches for sox issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -58138,12 +58138,14 @@ CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in rat [buster] - sox <no-dsa> (Minor issue) [stretch] - sox <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/sox/bugs/360/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwri ...) - sox 14.4.2+git20190427-3.1 (bug #1012516) [bullseye] - sox <no-dsa> (Minor issue) [buster] - sox <no-dsa> (Minor issue) [stretch] - sox <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/sox/bugs/360/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 CVE-2022-31649 (ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Inf ...) - owncloud <removed> CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross-Site S ...) @@ -108030,6 +108032,7 @@ CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the sphere. - sox 14.4.2+git20190427-3.1 (bug #1012138) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434 NOTE: https://sourceforge.net/p/sox/bugs/362/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 CVE-2021-40425 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...) NOT-FOR-US: Webroot CVE-2021-40424 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...) 
@@ -117427,6 +117430,7 @@ CVE-2021-3643 (A flaw was found in sox 14.4.1. The lsx_adpcm_init function withi NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980626 NOTE: Triggered by same reproducer as for CVE-2021-23210 NOTE: https://sourceforge.net/p/sox/bugs/351/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 CVE-2021-38193 (An issue was discovered in the ammonia crate before 3.1.0 for Rust. XS ...) - rust-ammonia 3.1.2-1 (bug #991497) NOTE: https://github.com/rust-ammonia/ammonia/commit/4b8426b89b861d9bea20e126576b0febb9d13515 @@ -124225,6 +124229,7 @@ CVE-2021-33844 (A floating point exception (divide-by-zero) issue was discovered - sox 14.4.2+git20190427-3.1 (bug #1021135) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664 NOTE: https://sourceforge.net/p/sox/bugs/349/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...) NOT-FOR-US: Circutor SGE-PLC1000 firmware CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...) 
@@ -124236,14 +124241,17 @@ CVE-2021-23210 (A floating point exception (divide-by-zero) issue was discovered [stretch] - sox <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670 NOTE: https://sourceforge.net/p/sox/bugs/351/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...) - sox 14.4.2+git20190427-3.1 (bug #1021134) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666 NOTE: https://sourceforge.net/p/sox/bugs/350/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...) - sox 14.4.2+git20190427-3.1 (bug #1021133) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671 NOTE: https://sourceforge.net/p/sox/bugs/352/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...) NOT-FOR-US: Luca CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/917fef3b49bc9306f9b91c870d2f037ec84d8dd2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/917fef3b49bc9306f9b91c870d2f037ec84d8dd2 You're receiving this email because of your account on salsa.debian.org.
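Review bot: In the first hunk, the NOTE added under CVE-2022-31651 and CVE-2022-31650 is the same bare URL, and both entries already share https://sourceforge.net/p/sox/bugs/360/, so nothing in either entry tells a reader which patch in the post applies to which CVE. The commit message says the post carries patches, but the NOTE lines themselves do not. Consider adding a short description to each NOTE saying that the link is the patch source and, where the post allows it, which patch covers that entry.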
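Review bot: In the hunk at -117427, the CVE-2021-3643 entry already records "Triggered by same reproducer as for CVE-2021-23210", and both entries point to https://sourceforge.net/p/sox/bugs/351/, yet the new oss-security NOTE is appended to each without saying whether one patch from the post addresses both. If a single patch does cover both, say so in one of the two entries and cross-reference it from the other. If the patches are separate, a word on each NOTE would save the next triager from re-reading the whole post.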