[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1032082: marked as done (sox: After security update, sox reports WAV file bits per sample is zero)

Your message dated Mon, 13 Mar 2023 20:36:19 +0000
with message-id <E1pbou3-00F2HM-Fs@fasolo.debian.org>
and subject line Bug#1032082: fixed in sox 14.4.2+git20190427-3.5
has caused the Debian Bug report #1032082,
regarding sox: After security update, sox reports WAV file bits per sample is zero
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1032082: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032082
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: sox
Version: 14.4.2+git20190427-2+deb11u1
Severity: normal
X-Debbugs-Cc: team@security.debian.org

Dear Maintainer,

We encounter an error that occurs after upgrading to 14.4.2+git20190427-2+deb11u1,
and disappears when downgrading to version 14.4.2+git20190427-2.
Both sox and soxi report an error for wave files with GSM codec,
that were created using libsndfile.

$ soxi test.wav
soxi FAIL formats: can't open input file `test.wav': WAV file bits per sample is zero

After the error, it does not futher process the file.
Previously, it would output information about the file or process it (convert it).

The bits per sample in the wave file header is indeed zero.
The number of bits per sample is dynamic for the GSM codec.
Previously sox and soxi would parse and handle such files without problems.

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (100, 'bullseye-fasttrack')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-19-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sox depends on:
ii  libc6             2.31-13+deb11u5
ii  libsox-fmt-alsa   14.4.2+git20190427-2+deb11u1
ii  libsox-fmt-ao     14.4.2+git20190427-2+deb11u1
ii  libsox-fmt-base   14.4.2+git20190427-2+deb11u1
ii  libsox-fmt-oss    14.4.2+git20190427-2+deb11u1
ii  libsox-fmt-pulse  14.4.2+git20190427-2+deb11u1
ii  libsox3           14.4.2+git20190427-2+deb11u1

sox recommends no packages.

Versions of packages sox suggests:
ii  libsox-fmt-all  14.4.2+git20190427-2+deb11u1

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: sox
Source-Version: 14.4.2+git20190427-3.5
Done: Helmut Grohne <helmut@subdivi.de>

We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1032082@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Helmut Grohne <helmut@subdivi.de> (supplier of updated sox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Mar 2023 10:07:49 +0100
Source: sox
Architecture: source
Version: 14.4.2+git20190427-3.5
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Helmut Grohne <helmut@subdivi.de>
Closes: 1032082
Changes:
 sox (14.4.2+git20190427-3.5) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix regression in wav-gsm decodeing introduced via fixing CVE-2021-33844.
     (Closes: #1032082)
Checksums-Sha1:
 018275639c8ddb4c152866bb3ae61a196219f579 2898 sox_14.4.2+git20190427-3.5.dsc
 d6ea7ab3f727873326cd7d26ba9e8f2ac0af881f 27692 sox_14.4.2+git20190427-3.5.debian.tar.xz
 b5738e54919d1282d80bbfa50d7ff7211d6140c2 13835 sox_14.4.2+git20190427-3.5_amd64.buildinfo
Checksums-Sha256:
 54ffede292e0bdb2b072c639386996dc677ca9b1268cbf1bd8ef3bd77522365c 2898 sox_14.4.2+git20190427-3.5.dsc
 b3cf48adb4c844736092a86ae979c71bae488c4c818ea041a2ec1c4001c0502e 27692 sox_14.4.2+git20190427-3.5.debian.tar.xz
 a84a1ef0ce4d7f942c24541982a3ab5d3cc26a8a3abfa2cf2e54ed143e8ce301 13835 sox_14.4.2+git20190427-3.5_amd64.buildinfo
Files:
 749c88a004e12372fcc25a115edaef41 2898 sound optional sox_14.4.2+git20190427-3.5.dsc
 e02b1c85131adbc9ca196ff75ce254bb 27692 sound optional sox_14.4.2+git20190427-3.5.debian.tar.xz
 66d9a404438e3475942dca4d67d25402 13835 sound optional sox_14.4.2+git20190427-3.5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETMLS2QqNFlTb+HOqLRqqzyREREIFAmQPfVEACgkQLRqqzyRE
REKnEhAAmnlhn3+tFIcwE1yqNMSrdfF4TLhK5F+Gn/w4KCmyhsg1glAOeo46mD+B
6GXU1goIdRXE2Zm9lpkJ5M1G6dNYmQciaaoAyjkD6m312iLY6JEodMOSkOKgKQWb
YX8J7G+TLAYOlcKOp9Y0p3b0hvtInTk84WoCTKf38e5vB1oZU3YIr8RIcamb11uR
gBzt1s78vbHZW+R58IHD7ND914huCz7TUxdvATf5zZ9ROwBtgFTaSHQk1O/ih61/
dp22RFo54sKviSyaWseATKqMN/ldQ3jJEg3JrLwdjKMNNAa3lgj6fga21+2Pinp+
CMgEoOB6BHFBZI7mb3qcVe9RWnfhdefi3Df9csMnurJ9UzMYB8u2C5C55UMKvwlp
JmnZaW/sAY4Mw+2Uqb0cCGoSR50yvlhjshXljS+ums78qLuyqo6oc8O+UxSZ99cB
yBKsHOzFCoq0JJL0GsQjkYxQ4GM+hNrO0nkE7H8ijqTZkcjMY/mRwDOBhGOsThOm
ZqS7gBK1JS7anYCWHHq5/ZhgeKEZWhv8RMtGCP2UWOhg5MMNNgbF09x7VP/+iiPi
hrJU1GLR8gdrljXD8iw7/lPlD7GsrfRbsHml0je8LNhtShnTzfJgBws6HmY5Re1m
0gAItilDNEe9XgdVLsqMS/Wuwe8u83NcfSF2v60wBOllhXfm2Og=
=45KS
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: