Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
917fef3b by Salvatore Bonaccorso at 2023-02-04T09:59:30+01:00
Reference oss-security post with patches for sox issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58138,12 +58138,14 @@ CVE-2022-31651 (In SoX 14.4.2, there is an assertion 
failure in rate_init in rat
        [buster] - sox <no-dsa> (Minor issue)
        [stretch] - sox <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/sox/bugs/360/
+       NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in 
lsx_aiffstartwri ...)
        - sox 14.4.2+git20190427-3.1 (bug #1012516)
        [bullseye] - sox <no-dsa> (Minor issue)
        [buster] - sox <no-dsa> (Minor issue)
        [stretch] - sox <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/sox/bugs/360/
+       NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2022-31649 (ownCloud owncloud/core before 10.10.0 Improperly Removes 
Sensitive Inf ...)
        - owncloud <removed>
 CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected 
Cross-Site S ...)
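Review bot: The two added NOTE lines under CVE-2022-31651 and CVE-2022-31650 are the same bare URL, and both entries already share the sourceforge bug 360 reference, so a reader cannot tell which patch in the post addresses the assertion failure and which the floating-point exception. The commit message says the post carries patches; consider saying so in the note itself, for example `NOTE: Patches proposed in https://www.openwall.com/lists/oss-security/2023/02/03/3`, and naming the relevant patch per CVE if the post separates them.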
@@ -108030,6 +108032,7 @@ CVE-2021-40426 (A heap-based buffer overflow 
vulnerability exists in the sphere.
        - sox 14.4.2+git20190427-3.1 (bug #1012138)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
        NOTE: https://sourceforge.net/p/sox/bugs/362/
+       NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-40425 (An out-of-bounds read vulnerability exists in the IOCTL 
GetProcessComm ...)
        NOT-FOR-US: Webroot
 CVE-2021-40424 (An out-of-bounds read vulnerability exists in the IOCTL 
GetProcessComm ...)
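Review bot: The CVE-2021-40426 entry already records `- sox 14.4.2+git20190427-3.1 (bug #1012138)` as the fixed version, and the added NOTE does not say how the oss-security post relates to that upload. State whether the patch in the post is the one shipped in that version or a different fix, so the new reference is not read as a sign that the issue is still open.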
@@ -117427,6 +117430,7 @@ CVE-2021-3643 (A flaw was found in sox 14.4.1. The 
lsx_adpcm_init function withi
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980626
        NOTE: Triggered by same reproducer as for CVE-2021-23210
        NOTE: https://sourceforge.net/p/sox/bugs/351/
+       NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-38193 (An issue was discovered in the ammonia crate before 3.1.0 for 
Rust. XS ...)
        - rust-ammonia 3.1.2-1 (bug #991497)
        NOTE: 
https://github.com/rust-ammonia/ammonia/commit/4b8426b89b861d9bea20e126576b0febb9d13515
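Review bot: The added NOTE under CVE-2021-3643 sits right after `NOTE: Triggered by same reproducer as for CVE-2021-23210`, and both entries point at sourceforge bug 351, but the new line does not say whether a single patch from the post covers both CVEs. A short qualifier on the note would save the next triager from reading the whole thread to find out.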
@@ -124225,6 +124229,7 @@ CVE-2021-33844 (A floating point exception 
(divide-by-zero) issue was discovered
        - sox 14.4.2+git20190427-3.1 (bug #1021135)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664
        NOTE: https://sourceforge.net/p/sox/bugs/349/
+       NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter 
of Circu ...)
        NOT-FOR-US: Circutor SGE-PLC1000 firmware
 CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not 
handle so ...)
@@ -124236,14 +124241,17 @@ CVE-2021-23210 (A floating point exception 
(divide-by-zero) issue was discovered
        [stretch] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
        NOTE: https://sourceforge.net/p/sox/bugs/351/
+       NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow 
occurs  ...)
        - sox 14.4.2+git20190427-3.1 (bug #1021134)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666
        NOTE: https://sourceforge.net/p/sox/bugs/350/
+       NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow 
occurs  ...)
        - sox 14.4.2+git20190427-3.1 (bug #1021133)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671
        NOTE: https://sourceforge.net/p/sox/bugs/352/
+       NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to 
cause a d ...)
        NOT-FOR-US: Luca
 CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to 
obtain sensit ...)
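Review bot: The same URL is added to CVE-2021-23210, CVE-2021-23172 and CVE-2021-23159, while the context above the first addition still shows `[stretch] - sox <no-dsa> (Minor issue)`. If the post is meant as a patch source for releases currently marked no-dsa, say that in the note; if it is only background for the entries already fixed in 14.4.2+git20190427-3.1, a word to that effect keeps the three identical lines from being ambiguous.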



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/917fef3b49bc9306f9b91c870d2f037ec84d8dd2
