Your message dated Fri, 24 Nov 2017 09:21:30 +0000
with message-id <e1eiaas-0001e4...@fasolo.debian.org>
and subject line Bug#882236: fixed in sox 14.4.2-2
has caused the Debian Bug report #882236,
regarding missing error checking when encoding vorbis
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882236: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882236
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libvorbis
Version: 1.3.5-4
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for libvorbis, can you
double-check the report.

CVE-2017-11333[0]:
| The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis
| 1.3.5 allows remote attackers to cause a denial of service (OOM) via a
| crafted wav file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11333
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333
[1] http://seclists.org/fulldisclosure/2017/Jul/82

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: sox
Source-Version: 14.4.2-2

We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jaromír Mikeš <mira.mi...@seznam.cz> (supplier of updated sox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Nov 2017 09:12:48 +0100
Source: sox
Binary: sox libsox3 libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev
Architecture: source
Version: 14.4.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Jaromír Mikeš <mira.mi...@seznam.cz>
Description:
 libsox-dev - Development files for the SoX library
 libsox-fmt-all - All SoX format libraries
 libsox-fmt-alsa - SoX alsa format I/O library
 libsox-fmt-ao - SoX Libao format I/O library
 libsox-fmt-base - Minimal set of SoX format libraries
 libsox-fmt-mp3 - SoX MP2 and MP3 format library
 libsox-fmt-oss - SoX OSS format I/O library
 libsox-fmt-pulse - SoX PulseAudio format I/O library
 libsox3    - SoX library of audio effects and processing
 sox        - Swiss army knife of sound processing
Closes: 878808 882144 882236
Changes:
 sox (14.4.2-2) unstable; urgency=medium
 .
   * Upload to unstable to start transition.
   * Add patch to fix CVE-2017-15372. (Closes: #878808)
   * Add patch to fix CVE-2017-15642. (Closes: #882144)
   * Add patch to fix CVE-2017-11333 in vorbis lib. (Closes: #882236)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
