[SECURITY] [DLA 3527-1] sox security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3527-1] sox security update
From: Bastien Roucaries <rouca@debian.org>
Date: Sun, 13 Aug 2023 17:06:38 +0000
Message-id: <[🔎] 713fdff0a6a748abd88eeb66b1fab9cc.rouca@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3527-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
August 13, 2023                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : sox
Version        : 14.4.2+git20190427-1+deb10u3
CVE ID         : CVE-2023-32627
Debian Bug     : 1041112

SoX is a command line utility that can convert various formats
of computer audio files in to other formats. It can also apply
various effects to these sound files during the conversion.

Sox was vulnerable to divide by zero vulnerability by reading an
specialy crafted Creative Voice File (.voc) file, in the read_samples
function. This flaw can lead to a denial of service.

For Debian 10 buster, this problem has been fixed in version
14.4.2+git20190427-1+deb10u3.

We recommend that you upgrade your sox packages.

For the detailed security status of sox please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sox

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmTZDZ4ACgkQADoaLapB
CF8jyA/9GF9DnkSHainlKEODBJOU+Hd5zRQOr4WrEljG/vfIP3vy2QU+TKDElooU
38qCoEFsFMM+Cqz/uDuIh0S3/0aZvY1b4xHhWeQYdJdI2fxw/aqLdGFL8zhkw464
9216XlHAypJLIbH1KFctRTdGIcvRPn1kxCWUK7kYOyjHp1tEfeMosGBwKe+630uI
ZyTdox2Dj8iEKUzfJyQ8gGTl2ZzfZ9AbQxGw5ttsx/+8csFON0x7mUC49mvU6Upp
k6ljjvZXhMI+f9Dlw3jmC9cjGOMaBbGtJsIKBMIILeTKoQETJ5K5ioN7FRWeTtrB
3kiRxjgIcVk5JFdZID657jnnxVdL+OP2eSGOccmZZKwkQX2rCoEePeo2lLuLGG0u
dQLAXSlZ5zJBGXKM52hKwIHc681a2RJ1zz1uM4ciGdtG2DO6X859q/HLTVyWJuVK
++HECDnuu33X3ZP70MbGcU7YW8S6Q5YAtjp2SQbcrAuh6g+rulzqcwhz5k6t34T2
0ZTMN5N1B97MV6l4ApQy0Qc9r0q7BIp4So43z7KCn81doemmYN3GFpXzfH2EDkzB
YLQ7doDwTeEOI58IJ1XnZxIKo6ggZyWza78j1ZXNdXMMLVgPQEKMjmAmND1EOe7z
Q2GYi+iyHXHlltgxHPi2Ok/zFRokDN/SHZY004PB+GTGM3Br0KI=
=2U9s
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3526-1] libreoffice security update
Next by Date: [SECURITY] [DLA 3426-3] netatalk regression update
Previous by thread: [SECURITY] [DLA 3526-1] libreoffice security update
Next by thread: [SECURITY] [DLA 3426-3] netatalk regression update
Index(es):
- Date
- Thread