Package: sox Version: 14.4.2+git20190427-5+b3 Severity: important X-Debbugs-Cc: [email protected]
sox_ng forked from sox.sf.net in May 2024. fixes all 20 or so CVEs, some of which could lead to code injection using crafted malformed compressed format files (whic is why I mark it as "important"). It also fixes other bugs, SEGVs and stuff, adds support for dozens more formats and has grown a few more effects. There are several release lines, currently at 14.4.5 to 14.7.0 for bug-fix only to more and more new features and they can be configured to replace the standard sox filenames with links to _ng or can live side by side. Most distros are deciding to replace, as it is backwards-compatible, and the latest stable release seems stable. https://codeberg.org/sox_ng/sox_ng I'm on good terms with all the original developers I've contacted and one has been murmuring for a year or so about importing the _ng fixes to sox.sf.net but they are presumed busy doing much more interesting things. Blessings & keep up the good work M -- System Information: Debian Release: 13.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.12.43+deb13-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages sox depends on: ii libc6 2.41-12 ii libsox-fmt-alsa 14.4.2+git20190427-5+b3 ii libsox-fmt-ao 14.4.2+git20190427-5+b3 ii libsox-fmt-base 14.4.2+git20190427-5+b3 ii libsox-fmt-oss 14.4.2+git20190427-5+b3 ii libsox-fmt-pulse 14.4.2+git20190427-5+b3 ii libsox3 14.4.2+git20190427-5+b3 sox recommends no packages. Versions of packages sox suggests: ii libsox-fmt-all 14.4.2+git20190427-5+b3 -- no debconf information
