--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: sox: After security update, sox reports WAV file bits per sample is zero
- From: Vidicode Support <support@vidicode.com>
- Date: Mon, 27 Feb 2023 17:02:29 +0000
- Message-id: <AM9PR07MB7714043610F429A74EEC43CCC2AF9@AM9PR07MB7714.eurprd07.prod.outlook.com>
Package: sox
Version: 14.4.2+git20190427-2+deb11u1
Severity: normal
X-Debbugs-Cc: team@security.debian.org
Dear Maintainer,
We encounter an error that occurs after upgrading to 14.4.2+git20190427-2+deb11u1,
and disappears when downgrading to version 14.4.2+git20190427-2.
Both sox and soxi report an error for wave files with GSM codec,
that were created using libsndfile.
$ soxi test.wav
soxi FAIL formats: can't open input file `test.wav': WAV file bits per sample is zero
After the error, it does not futher process the file.
Previously, it would output information about the file or process it (convert it).
The bits per sample in the wave file header is indeed zero.
The number of bits per sample is dynamic for the GSM codec.
Previously sox and soxi would parse and handle such files without problems.
-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (100, 'bullseye-fasttrack')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-19-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages sox depends on:
ii libc6 2.31-13+deb11u5
ii libsox-fmt-alsa 14.4.2+git20190427-2+deb11u1
ii libsox-fmt-ao 14.4.2+git20190427-2+deb11u1
ii libsox-fmt-base 14.4.2+git20190427-2+deb11u1
ii libsox-fmt-oss 14.4.2+git20190427-2+deb11u1
ii libsox-fmt-pulse 14.4.2+git20190427-2+deb11u1
ii libsox3 14.4.2+git20190427-2+deb11u1
sox recommends no packages.
Versions of packages sox suggests:
ii libsox-fmt-all 14.4.2+git20190427-2+deb11u1
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: sox
Source-Version: 14.4.2+git20190427-3.5
Done: Helmut Grohne <helmut@subdivi.de>
We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1032082@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Helmut Grohne <helmut@subdivi.de> (supplier of updated sox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 12 Mar 2023 10:07:49 +0100
Source: sox
Architecture: source
Version: 14.4.2+git20190427-3.5
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Helmut Grohne <helmut@subdivi.de>
Closes: 1032082
Changes:
sox (14.4.2+git20190427-3.5) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix regression in wav-gsm decodeing introduced via fixing CVE-2021-33844.
(Closes: #1032082)
Checksums-Sha1:
018275639c8ddb4c152866bb3ae61a196219f579 2898 sox_14.4.2+git20190427-3.5.dsc
d6ea7ab3f727873326cd7d26ba9e8f2ac0af881f 27692 sox_14.4.2+git20190427-3.5.debian.tar.xz
b5738e54919d1282d80bbfa50d7ff7211d6140c2 13835 sox_14.4.2+git20190427-3.5_amd64.buildinfo
Checksums-Sha256:
54ffede292e0bdb2b072c639386996dc677ca9b1268cbf1bd8ef3bd77522365c 2898 sox_14.4.2+git20190427-3.5.dsc
b3cf48adb4c844736092a86ae979c71bae488c4c818ea041a2ec1c4001c0502e 27692 sox_14.4.2+git20190427-3.5.debian.tar.xz
a84a1ef0ce4d7f942c24541982a3ab5d3cc26a8a3abfa2cf2e54ed143e8ce301 13835 sox_14.4.2+git20190427-3.5_amd64.buildinfo
Files:
749c88a004e12372fcc25a115edaef41 2898 sound optional sox_14.4.2+git20190427-3.5.dsc
e02b1c85131adbc9ca196ff75ce254bb 27692 sound optional sox_14.4.2+git20190427-3.5.debian.tar.xz
66d9a404438e3475942dca4d67d25402 13835 sound optional sox_14.4.2+git20190427-3.5_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETMLS2QqNFlTb+HOqLRqqzyREREIFAmQPfVEACgkQLRqqzyRE
REKnEhAAmnlhn3+tFIcwE1yqNMSrdfF4TLhK5F+Gn/w4KCmyhsg1glAOeo46mD+B
6GXU1goIdRXE2Zm9lpkJ5M1G6dNYmQciaaoAyjkD6m312iLY6JEodMOSkOKgKQWb
YX8J7G+TLAYOlcKOp9Y0p3b0hvtInTk84WoCTKf38e5vB1oZU3YIr8RIcamb11uR
gBzt1s78vbHZW+R58IHD7ND914huCz7TUxdvATf5zZ9ROwBtgFTaSHQk1O/ih61/
dp22RFo54sKviSyaWseATKqMN/ldQ3jJEg3JrLwdjKMNNAa3lgj6fga21+2Pinp+
CMgEoOB6BHFBZI7mb3qcVe9RWnfhdefi3Df9csMnurJ9UzMYB8u2C5C55UMKvwlp
JmnZaW/sAY4Mw+2Uqb0cCGoSR50yvlhjshXljS+ums78qLuyqo6oc8O+UxSZ99cB
yBKsHOzFCoq0JJL0GsQjkYxQ4GM+hNrO0nkE7H8ijqTZkcjMY/mRwDOBhGOsThOm
ZqS7gBK1JS7anYCWHHq5/ZhgeKEZWhv8RMtGCP2UWOhg5MMNNgbF09x7VP/+iiPi
hrJU1GLR8gdrljXD8iw7/lPlD7GsrfRbsHml0je8LNhtShnTzfJgBws6HmY5Re1m
0gAItilDNEe9XgdVLsqMS/Wuwe8u83NcfSF2v60wBOllhXfm2Og=
=45KS
-----END PGP SIGNATURE-----
--- End Message ---