[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1032082: marked as done (sox: After security update, sox reports WAV file bits per sample is zero)

Your message dated Fri, 17 Mar 2023 17:47:07 +0000
with message-id <E1pdEAV-00HQbb-RA@fasolo.debian.org>
and subject line Bug#1032082: fixed in sox 14.4.2+git20190427-2+deb11u2
has caused the Debian Bug report #1032082,
regarding sox: After security update, sox reports WAV file bits per sample is zero
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1032082: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032082
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: sox
Version: 14.4.2+git20190427-2+deb11u1
Severity: normal
X-Debbugs-Cc: team@security.debian.org

Dear Maintainer,

We encounter an error that occurs after upgrading to 14.4.2+git20190427-2+deb11u1,
and disappears when downgrading to version 14.4.2+git20190427-2.
Both sox and soxi report an error for wave files with GSM codec,
that were created using libsndfile.

$ soxi test.wav
soxi FAIL formats: can't open input file `test.wav': WAV file bits per sample is zero

After the error, it does not futher process the file.
Previously, it would output information about the file or process it (convert it).

The bits per sample in the wave file header is indeed zero.
The number of bits per sample is dynamic for the GSM codec.
Previously sox and soxi would parse and handle such files without problems.

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (100, 'bullseye-fasttrack')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-19-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sox depends on:
ii  libc6             2.31-13+deb11u5
ii  libsox-fmt-alsa   14.4.2+git20190427-2+deb11u1
ii  libsox-fmt-ao     14.4.2+git20190427-2+deb11u1
ii  libsox-fmt-base   14.4.2+git20190427-2+deb11u1
ii  libsox-fmt-oss    14.4.2+git20190427-2+deb11u1
ii  libsox-fmt-pulse  14.4.2+git20190427-2+deb11u1
ii  libsox3           14.4.2+git20190427-2+deb11u1

sox recommends no packages.

Versions of packages sox suggests:
ii  libsox-fmt-all  14.4.2+git20190427-2+deb11u1

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: sox
Source-Version: 14.4.2+git20190427-2+deb11u2
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1032082@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated sox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 16 Mar 2023 21:30:12 +0100
Source: sox
Architecture: source
Version: 14.4.2+git20190427-2+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1032082
Changes:
 sox (14.4.2+git20190427-2+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ Helmut Grohne ]
   * Fix regression in wav-gsm decodeing introduced via fixing CVE-2021-33844
     (Closes: #1032082)
Checksums-Sha1: 
 b8c93ec176ea1cd42e7c6e340e3f1ffee41ccae2 3013 sox_14.4.2+git20190427-2+deb11u2.dsc
 e259dc72837910c116ab184caf140e7b0d949435 27204 sox_14.4.2+git20190427-2+deb11u2.debian.tar.xz
Checksums-Sha256: 
 edf75742067d6e56a3c476c13a0c97331f19587e39bef010a986927fd3dd9b7d 3013 sox_14.4.2+git20190427-2+deb11u2.dsc
 e93f85a2f7a7c45489ae12444e5eb26bde6a4a85adaff0bfdf92c1cf86edcbc3 27204 sox_14.4.2+git20190427-2+deb11u2.debian.tar.xz
Files: 
 bf369953ccc588d3e1128b750cafa5e5 3013 sound optional sox_14.4.2+git20190427-2+deb11u2.dsc
 0868c4d2ce1b2e61620f06315263ed4c 27204 sound optional sox_14.4.2+git20190427-2+deb11u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmQThwtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EjPsQAI0ZVgX2YeU5ViV+E37RIEbB7HA6Wo/l
YnKY3+j1BDPjs7625xMVVdzSSktUUbf9l1msC3OGCxQB1E0lAIXEAf0KRbV22rty
SCGKDhiIEx4VAc/3yUoYCr1ovpWgWjGQ/lnmUYDkboL1zwi0qF1DQ/dJcs9ckHTG
X2e7KzMG0smqywuqdtdYj/Z5yL8qr4pTUmm3Y1ChbSnYhHLecG9AHnGUXBdo3L9R
ELf14/iy8sXCA00Ls3ZkoF0DPwFETTA5UVQ4yP03hQFnKAG4Xpu0IQopmWpx+wsa
VeSr1j8+rMOoHEUlaNcI0QtdJwgBkmFAmUQZC7om9KY/I+DmqnKfO58STO1BUeho
ODCu/LYH5j6b0qLAF64Bm/nubGhqvcj/BJaNXaUe9oViplN8/YlGz+kfnfqxWKw6
mH6RqZ86NyGehOwBct48MUsPaxYhcv0KWmmUVlYcvgbibQjVonC5h5cZ/z2EX1f9
seCl6cbHsNN/DBPvxuXNit1fPjUrO6togGAvUT/3RyIIV566koEr9E+BA/yvwQY4
QAOB0DB0NftxSiNEGjhMd2Fcy9ixR0H/Wlbz5aaSDcSBzqdx8Oqq9RgCYqnka6Bq
dTepAJCdsR5ZYUDZz0WWn2bHnD3oNTxi2xztltCvp/M7hOyiQSBE2KlT8hpR6xOK
1Ql7mKlq+590
=qIfu
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: