--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: sox: After security update, sox reports WAV file bits per sample is zero
- From: Vidicode Support <support@vidicode.com>
- Date: Mon, 27 Feb 2023 17:02:29 +0000
- Message-id: <AM9PR07MB7714043610F429A74EEC43CCC2AF9@AM9PR07MB7714.eurprd07.prod.outlook.com>
Package: sox
Version: 14.4.2+git20190427-2+deb11u1
Severity: normal
X-Debbugs-Cc: team@security.debian.org
Dear Maintainer,
We encounter an error that occurs after upgrading to 14.4.2+git20190427-2+deb11u1,
and disappears when downgrading to version 14.4.2+git20190427-2.
Both sox and soxi report an error for wave files with GSM codec,
that were created using libsndfile.
$ soxi test.wav
soxi FAIL formats: can't open input file `test.wav': WAV file bits per sample is zero
After the error, it does not futher process the file.
Previously, it would output information about the file or process it (convert it).
The bits per sample in the wave file header is indeed zero.
The number of bits per sample is dynamic for the GSM codec.
Previously sox and soxi would parse and handle such files without problems.
-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (100, 'bullseye-fasttrack')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-19-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages sox depends on:
ii libc6 2.31-13+deb11u5
ii libsox-fmt-alsa 14.4.2+git20190427-2+deb11u1
ii libsox-fmt-ao 14.4.2+git20190427-2+deb11u1
ii libsox-fmt-base 14.4.2+git20190427-2+deb11u1
ii libsox-fmt-oss 14.4.2+git20190427-2+deb11u1
ii libsox-fmt-pulse 14.4.2+git20190427-2+deb11u1
ii libsox3 14.4.2+git20190427-2+deb11u1
sox recommends no packages.
Versions of packages sox suggests:
ii libsox-fmt-all 14.4.2+git20190427-2+deb11u1
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: sox
Source-Version: 14.4.2+git20190427-2+deb11u2
Done: Salvatore Bonaccorso <carnil@debian.org>
We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1032082@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated sox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 16 Mar 2023 21:30:12 +0100
Source: sox
Architecture: source
Version: 14.4.2+git20190427-2+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1032082
Changes:
sox (14.4.2+git20190427-2+deb11u2) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
.
[ Helmut Grohne ]
* Fix regression in wav-gsm decodeing introduced via fixing CVE-2021-33844
(Closes: #1032082)
Checksums-Sha1:
b8c93ec176ea1cd42e7c6e340e3f1ffee41ccae2 3013 sox_14.4.2+git20190427-2+deb11u2.dsc
e259dc72837910c116ab184caf140e7b0d949435 27204 sox_14.4.2+git20190427-2+deb11u2.debian.tar.xz
Checksums-Sha256:
edf75742067d6e56a3c476c13a0c97331f19587e39bef010a986927fd3dd9b7d 3013 sox_14.4.2+git20190427-2+deb11u2.dsc
e93f85a2f7a7c45489ae12444e5eb26bde6a4a85adaff0bfdf92c1cf86edcbc3 27204 sox_14.4.2+git20190427-2+deb11u2.debian.tar.xz
Files:
bf369953ccc588d3e1128b750cafa5e5 3013 sound optional sox_14.4.2+git20190427-2+deb11u2.dsc
0868c4d2ce1b2e61620f06315263ed4c 27204 sound optional sox_14.4.2+git20190427-2+deb11u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmQThwtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EjPsQAI0ZVgX2YeU5ViV+E37RIEbB7HA6Wo/l
YnKY3+j1BDPjs7625xMVVdzSSktUUbf9l1msC3OGCxQB1E0lAIXEAf0KRbV22rty
SCGKDhiIEx4VAc/3yUoYCr1ovpWgWjGQ/lnmUYDkboL1zwi0qF1DQ/dJcs9ckHTG
X2e7KzMG0smqywuqdtdYj/Z5yL8qr4pTUmm3Y1ChbSnYhHLecG9AHnGUXBdo3L9R
ELf14/iy8sXCA00Ls3ZkoF0DPwFETTA5UVQ4yP03hQFnKAG4Xpu0IQopmWpx+wsa
VeSr1j8+rMOoHEUlaNcI0QtdJwgBkmFAmUQZC7om9KY/I+DmqnKfO58STO1BUeho
ODCu/LYH5j6b0qLAF64Bm/nubGhqvcj/BJaNXaUe9oViplN8/YlGz+kfnfqxWKw6
mH6RqZ86NyGehOwBct48MUsPaxYhcv0KWmmUVlYcvgbibQjVonC5h5cZ/z2EX1f9
seCl6cbHsNN/DBPvxuXNit1fPjUrO6togGAvUT/3RyIIV566koEr9E+BA/yvwQY4
QAOB0DB0NftxSiNEGjhMd2Fcy9ixR0H/Wlbz5aaSDcSBzqdx8Oqq9RgCYqnka6Bq
dTepAJCdsR5ZYUDZz0WWn2bHnD3oNTxi2xztltCvp/M7hOyiQSBE2KlT8hpR6xOK
1Ql7mKlq+590
=qIfu
-----END PGP SIGNATURE-----
--- End Message ---