Re: What to do with sox

To: debian-lts@lists.debian.org
Subject: Re: What to do with sox
From: Enrico Zini <enrico@enricozini.org>
Date: Tue, 28 Jun 2022 11:02:05 +0200
Message-id: <[🔎] 20220628090205.tgzx2f5l34bjcpy7@enricozini.org>
In-reply-to: <[🔎] 20220627150821.GA7953@inutil.org>
References: <[🔎] 20220627140146.43xxjqh3zct2fiux@enricozini.org> <[🔎] 20220627150821.GA7953@inutil.org>

On Mon, Jun 27, 2022 at 05:08:21PM +0200, Moritz Muehlenhoff wrote:

> The only relevant open CVE ID for sox is CVE-2021-40426, the other ones
> are completely negligible. But it's unclear to which extent CVE-2021-40426
> was reported upstream, https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
> mentions "2022-01-14 - Follow up with vendor; vendor acknowledged", but it's
> e.g. not found in the existing bug tracker, so I think reporting it in their
> tracker with a question of the status of a patch is a sensible first step.
> If they state they are too busy, work could resume on writing one.

Thank you! I opened https://sourceforge.net/p/sox/bugs/362/ and marked
all other CVEs as no-dsa.


Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- What to do with sox
  - From: Enrico Zini <enrico@enricozini.org>
- Re: What to do with sox
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: RFR: openscad update
Next by Date: Re: ntp warnings with tzdata leap-seconds file
Previous by thread: Re: What to do with sox
Index(es):
- Date
- Thread