-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3527-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès August 13, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : sox Version : 14.4.2+git20190427-1+deb10u3 CVE ID : CVE-2023-32627 Debian Bug : 1041112 SoX is a command line utility that can convert various formats of computer audio files in to other formats. It can also apply various effects to these sound files during the conversion. Sox was vulnerable to divide by zero vulnerability by reading an specialy crafted Creative Voice File (.voc) file, in the read_samples function. This flaw can lead to a denial of service. For Debian 10 buster, this problem has been fixed in version 14.4.2+git20190427-1+deb10u3. We recommend that you upgrade your sox packages. For the detailed security status of sox please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sox Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmTZDZ4ACgkQADoaLapB CF8jyA/9GF9DnkSHainlKEODBJOU+Hd5zRQOr4WrEljG/vfIP3vy2QU+TKDElooU 38qCoEFsFMM+Cqz/uDuIh0S3/0aZvY1b4xHhWeQYdJdI2fxw/aqLdGFL8zhkw464 9216XlHAypJLIbH1KFctRTdGIcvRPn1kxCWUK7kYOyjHp1tEfeMosGBwKe+630uI ZyTdox2Dj8iEKUzfJyQ8gGTl2ZzfZ9AbQxGw5ttsx/+8csFON0x7mUC49mvU6Upp k6ljjvZXhMI+f9Dlw3jmC9cjGOMaBbGtJsIKBMIILeTKoQETJ5K5ioN7FRWeTtrB 3kiRxjgIcVk5JFdZID657jnnxVdL+OP2eSGOccmZZKwkQX2rCoEePeo2lLuLGG0u dQLAXSlZ5zJBGXKM52hKwIHc681a2RJ1zz1uM4ciGdtG2DO6X859q/HLTVyWJuVK ++HECDnuu33X3ZP70MbGcU7YW8S6Q5YAtjp2SQbcrAuh6g+rulzqcwhz5k6t34T2 0ZTMN5N1B97MV6l4ApQy0Qc9r0q7BIp4So43z7KCn81doemmYN3GFpXzfH2EDkzB YLQ7doDwTeEOI58IJ1XnZxIKo6ggZyWza78j1ZXNdXMMLVgPQEKMjmAmND1EOe7z Q2GYi+iyHXHlltgxHPi2Ok/zFRokDN/SHZY004PB+GTGM3Br0KI= =2U9s -----END PGP SIGNATURE-----
