Bug#1012516: sox: CVE-2022-31650 CVE-2022-31651

To: submit@bugs.debian.org
Subject: Bug#1012516: sox: CVE-2022-31650 CVE-2022-31651
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 8 Jun 2022 17:55:04 +0200
Message-id: <[🔎] YqDGWDyWfL9WDnJ0@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 1012516@bugs.debian.org

Source: sox
X-Debbugs-CC: team@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerabilities were published for sox.

CVE-2022-31650[0]:
| In SoX 14.4.2, there is a floating-point exception in
| lsx_aiffstartwrite in aiff.c in libsox.a.

CVE-2022-31651[1]:
| In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in
| libsox.a.

https://sourceforge.net/p/sox/bugs/360/

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-31650
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650
[1] https://security-tracker.debian.org/tracker/CVE-2022-31651
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651

Please adjust the affected versions in the BTS as needed.

Reply to:

Prev by Date: synthv1_0.9.26-1_source.changes ACCEPTED into unstable
Next by Date: Processing of libdvdread_6.1.3-1_source.changes
Previous by thread: synthv1_0.9.26-1_source.changes ACCEPTED into unstable
Next by thread: Processing of libdvdread_6.1.3-1_source.changes
Index(es):
- Date
- Thread