
Bug#1010374: sox: CVE-2021-3643 CVE-2021-23210



Source: sox
Version: 14.4.2+git20190427-3
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/sox/bugs/351/
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for sox.

CVE-2021-3643[0]:
| buffer overflow read vulnerability

CVE-2021-23210[1]:
| divide by zero in voc.c

Note that the respective Red Hat Bugzilla entries contain little more
information on the connection between the two.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3643
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643
    https://bugzilla.redhat.com/show_bug.cgi?id=1980626
[1] https://security-tracker.debian.org/tracker/CVE-2021-23210
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210
    https://bugzilla.redhat.com/show_bug.cgi?id=1975670
[2] https://sourceforge.net/p/sox/bugs/351/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

