Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d560a7ad by Salvatore Bonaccorso at 2025-04-13T13:40:09+02:00
Track fixed version for vorbis-tools issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -151456,7 +151456,7 @@ CVE-2023-43835 (Super Store Finder 3.7 and below is
vulnerable to authenticated
CVE-2023-43627 (Path traversal vulnerability in ACERA 1320 firmware ver.01.26
and earl ...)
NOT-FOR-US: ACERA firmware
CVE-2023-43361 (Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a
local a ...)
- - vorbis-tools <unfixed> (unimportant)
+ - vorbis-tools 1.4.3-1 (unimportant)
NOTE: Crash in CLI tool, no security impact
NOTE: https://github.com/xiph/vorbis-tools/issues/41
NOTE: https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
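Review bot: In the CVE-2023-43361 entry, the new fixed version 1.4.3-1 is not backed by any NOTE line. The retained notes only link the upstream issue (issues/41) and merge request 7, and nothing in the entry says that the merge request was merged or which upstream release carries it. Suggest adding a NOTE that names the fixing commit or the upstream release, so the version on the changed line can be verified from the entry itself. The "(unimportant)" tag and the "Crash in CLI tool, no security impact" note remain consistent with each other.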
@@ -564055,7 +564055,7 @@ CVE-2017-11332 (The startread function in wav.c in
Sound eXchange (SoX) 14.4.2 a
NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
NOTE:
https://github.com/mansr/sox/commit/7405bcaacb1ded8c595cb751d407cf738cb26571
CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org
vorbis-tools 1.4.0 ...)
- - vorbis-tools <unfixed> (unimportant)
+ - vorbis-tools 1.4.3-1 (unimportant)
NOTE: The issue is "covered" by the fix applied in
0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
NOTE: still the return of malloc is not checked.
NOTE: http://seclists.org/fulldisclosure/2017/Jul/80
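Review bot: In the CVE-2017-11331 entry, the retained note "still the return of malloc is not checked" now sits under a line that marks the package as fixed in 1.4.3-1, and the two read as contradictory. The other retained note attributes coverage to 0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch rather than to an upstream release, so the entry does not explain why 1.4.3-1 is the fixed version. Suggest either updating the malloc note to say whether it still applies to 1.4.3, or adding a NOTE stating that the fixed version reflects the channel-count validation only and which upstream change provides it.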
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d560a7ad14aa5f086ed810af20c654fa1280176d
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits