Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4e5b7398 by Hugo Lefeuvre at 2019-03-05T15:56:21Z
CVE-2017-113{32,58,59} and -15371: add upstream fixes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -83593,6 +83593,7 @@ CVE-2017-15371 (There is a reachable assertion abort in
the function ...)
- sox 14.4.2-2 (bug #878809)
[stretch] - sox <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
+ NOTE:
https://github.com/mansr/sox/commit/818bdd0ccc1e5b6cae742c740c17fd414935cf39
CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS
function of ...)
{DLA-1695-1 DLA-1197-1}
- sox 14.4.2-2 (bug #878810)
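Review bot: The NOTE added under CVE-2017-15371 is a bare commit URL with no label, so a reader of the entry cannot tell whether it is the fix, the introducing commit or a related change. The commit message calls these upstream fixes, so say so on the line itself, for example `NOTE: Fixed by: https://github.com/mansr/sox/commit/818bdd0ccc1e5b6cae742c740c17fd414935cf39`.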
@@ -95920,12 +95921,14 @@ CVE-2017-11359 (The wavwritehdr function in wav.c in
Sound eXchange (SoX) 14.4.2
[stretch] - sox <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
+ NOTE:
https://github.com/mansr/sox/commit/8b590b3a52f4ccc4eea3f41b4a067c38b3565b60
CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX)
14.4.2 ...)
{DLA-1197-1}
- sox 14.4.2-2 (bug #870328)
[stretch] - sox <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
+ NOTE:
https://github.com/mansr/sox/commit/6cb44a44b9eda6b321ccdbf6483348d4a9798b00
CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does
not ...)
NOT-FOR-US: Progress Telerik UI
CVE-2017-11356 (The application distribution export functionality in PEGA
Platform 7.2 ...)
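Review bot: Both NOTE lines added here (for CVE-2017-11359 and CVE-2017-11358) point at github.com/mansr/sox, while the upstream reference already recorded for these entries is the SourceForge tracker (sourceforge.net/p/sox/bugs/296/). Nothing in the entries says how that GitHub repository relates to upstream; a short word on that in the NOTE would tell anyone evaluating the stretch `<no-dsa>` status which tree the hashes belong to.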
@@ -96060,6 +96063,7 @@ CVE-2017-11332 (The startread function in wav.c in
Sound eXchange (SoX) 14.4.2 a
[stretch] - sox <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
+ NOTE:
https://github.com/mansr/sox/commit/7405bcaacb1ded8c595cb751d407cf738cb26571
CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org
vorbis-tools 1.4.0 ...)
- vorbis-tools <unfixed> (unimportant)
NOTE: The issue is "covered" by the fix applied in
0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
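Review bot: The NOTE added for CVE-2017-11332 does not say what the commit covers, and the entry's other references (the seclists post and upstream bug 296) are the same ones listed for CVE-2017-11358 and CVE-2017-11359 elsewhere in this patch. Naming the affected function next to the URL (startread in wav.c, per the description) would let the CVE-to-commit mapping be checked without opening each link.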
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e5b739866b8c22c25b92c7039a4b04818896cea