Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6145b00 by Moritz Mühlenhoff at 2023-02-20T19:58:57+01:00
sox DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -61155,13 +61155,11 @@ CVE-2022-31652
 CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in 
rate.c in ...)
        {DLA-3315-1}
        - sox 14.4.2+git20190427-3.1 (bug #1012516)
-       [bullseye] - sox <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/sox/bugs/360/
        NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in 
lsx_aiffstartwri ...)
        {DLA-3315-1}
        - sox 14.4.2+git20190427-3.1 (bug #1012516)
-       [bullseye] - sox <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/sox/bugs/360/
        NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
 CVE-2022-31649 (ownCloud owncloud/core before 10.10.0 Improperly Removes 
Sensitive Inf ...)
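
Review bot: In the CVE-2022-31651 and CVE-2022-31650 entries the `[bullseye] - sox <no-dsa> (Minor issue)` lines are dropped, but the cross-reference line above each still reads only {DLA-3315-1}. data/DSA/list in this same commit names both CVEs under DSA-5356-1, so unless that brace line is regenerated from data/DSA/list by tooling, DSA-5356-1 should be added to it here. The same applies to the CVE-2021-3643 and CVE-2021-23210 entries in the two hunks that follow.
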
@@ -120471,7 +120469,6 @@ CVE-2021-36716 (A ReDoS (regular expression denial of 
service) flaw was found in
 CVE-2021-3643 (A flaw was found in sox 14.4.1. The lsx_adpcm_init function 
within lib ...)
        {DLA-3315-1}
        - sox 14.4.2+git20190427-3.2 (bug #1010374)
-       [bullseye] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980626
        NOTE: Triggered by same reproducer as for CVE-2021-23210
        NOTE: https://sourceforge.net/p/sox/bugs/351/
@@ -127280,7 +127277,6 @@ CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b 
firmware version, does not han
 CVE-2021-23210 (A floating point exception (divide-by-zero) issue was 
discovered in So ...)
        {DLA-3315-1}
        - sox 14.4.2+git20190427-3.2 (bug #1010374)
-       [bullseye] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
        NOTE: https://sourceforge.net/p/sox/bugs/351/
        NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Feb 2023] DSA-5356-1 sox - security update
+       {CVE-2021-3643 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 
CVE-2021-33844 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651}
+       [bullseye] - sox 14.4.2+git20190427-2+deb11u1
 [18 Feb 2023] DSA-5355-1 thunderbird - security update
        {CVE-2022-46871 CVE-2022-46877 CVE-2023-0430 CVE-2023-0616 
CVE-2023-0767 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 
CVE-2023-23605 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 
CVE-2023-25735 CVE-2023-25737 CVE-2023-25739 CVE-2023-25742 CVE-2023-25744 
CVE-2023-25746}
        [bullseye] - thunderbird 1:102.8.0-1~deb11u1
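
Review bot: The CVE set on the added DSA-5356-1 line names eight CVEs, while the data/CVE/list changes in this commit remove a bullseye `<no-dsa>` line from only four of them (CVE-2021-3643, CVE-2021-23210, CVE-2022-31650, CVE-2022-31651). Please check that the entries for CVE-2021-23159, CVE-2021-23172, CVE-2021-33844 and CVE-2021-40426 carry no leftover bullseye annotation (no-dsa, postponed or similar) that would conflict with the fixed version 14.4.2+git20190427-2+deb11u1 given here.
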


=====================================
data/dsa-needed.txt
=====================================
@@ -56,9 +56,6 @@ samba
 sofia-sip
   Maintainer proposed debdiff for review with additional question and sent a 
followup
 --
-sox (jmm)
-  patch needed for CVE-2021-40426, check with upstream
---
 tiff (aron)
 --
 xrdp
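
Review bot: The removed sox entry carried the note "patch needed for CVE-2021-40426, check with upstream", and nothing in this commit records how that was resolved. Since DSA-5356-1 in data/DSA/list lists CVE-2021-40426 as fixed in 14.4.2+git20190427-2+deb11u1, a NOTE on the CVE-2021-40426 entry in data/CVE/list pointing at the patch that was used would preserve that information once this line is gone.
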



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6145b0031de33e3acb93c4c6511b3beacd1e3de
