Control: severity -1 normal Control: merge 1108753 -1 On 2026-01-12 03:59:01 +0100, Martin Guy wrote: > Package: sox > Version: 14.4.2+git20190427-5+b3 > Severity: important > X-Debbugs-Cc: [email protected] > > sox_ng forked from sox.sf.net in May 2024. fixes all 20 or so CVEs, > some of which could lead to code injection using crafted malformed > compressed format files (whic is why I mark it as "important").
There is already #1108753. The upload for the switch is already in NEW. Cheers > > It also fixes other bugs, SEGVs and stuff, adds support for dozens > more formats and has grown a few more effects. > > There are several release lines, currently at 14.4.5 to 14.7.0 > for bug-fix only to more and more new features > and they can be configured to replace the standard sox filenames > with links to _ng or can live side by side. Most distros are deciding > to replace, as it is backwards-compatible, and the latest stable release > seems stable. > > https://codeberg.org/sox_ng/sox_ng > > I'm on good terms with all the original developers I've contacted and one > has been murmuring for a year or so about importing the _ng fixes to > sox.sf.net > but they are presumed busy doing much more interesting things. > > Blessings & keep up the good work > > M > > -- System Information: > Debian Release: 13.1 > APT prefers stable > APT policy: (500, 'stable') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 6.12.43+deb13-amd64 (SMP w/4 CPU threads; PREEMPT) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), > LANGUAGE=en_US:en > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages sox depends on: > ii libc6 2.41-12 > ii libsox-fmt-alsa 14.4.2+git20190427-5+b3 > ii libsox-fmt-ao 14.4.2+git20190427-5+b3 > ii libsox-fmt-base 14.4.2+git20190427-5+b3 > ii libsox-fmt-oss 14.4.2+git20190427-5+b3 > ii libsox-fmt-pulse 14.4.2+git20190427-5+b3 > ii libsox3 14.4.2+git20190427-5+b3 > > sox recommends no packages. > > Versions of packages sox suggests: > ii libsox-fmt-all 14.4.2+git20190427-5+b3 > > -- no debconf information > -- Sebastian Ramacher
