
Bug#1010374: marked as done (sox: CVE-2021-3643 CVE-2021-23210)



Your message dated Thu, 23 Feb 2023 19:32:31 +0000
with message-id <E1pVHKR-002L7Y-6B@fasolo.debian.org>
and subject line Bug#1010374: fixed in sox 14.4.2+git20190427-2+deb11u1
has caused the Debian Bug report #1010374,
regarding sox: CVE-2021-3643 CVE-2021-23210
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1010374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010374
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: sox
Version: 14.4.2+git20190427-3
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/sox/bugs/351/
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for sox.

CVE-2021-3643[0]:
| buffer overflow read vulnerability

CVE-2021-23210[1]:
| divide by zero in voc.c

Note the respective Red Hat Bugzilla entries contain little more
information on the connection between the two.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3643
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643
    https://bugzilla.redhat.com/show_bug.cgi?id=1980626
[1] https://security-tracker.debian.org/tracker/CVE-2021-23210
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210
    https://bugzilla.redhat.com/show_bug.cgi?id=1975670
[2] https://sourceforge.net/p/sox/bugs/351/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: sox
Source-Version: 14.4.2+git20190427-2+deb11u1
Done: Moritz Mühlenhoff <jmm@debian.org>

We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1010374@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <jmm@debian.org> (supplier of updated sox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 17 Feb 2023 17:13:54 +0100
Source: sox
Architecture: source
Version: 14.4.2+git20190427-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Moritz Mühlenhoff <jmm@debian.org>
Closes: 1010374 1012138 1012516 1021133 1021134 1021135
Changes:
 sox (14.4.2+git20190427-2+deb11u1) bullseye-security; urgency=medium
 .
   * CVE-2021-23159 CVE-2021-23172 (Closes: #1021133, #1021134)
   * CVE-2021-3643 CVE-2021-23210 (Closes: #1010374)
   * CVE-2021-33844 (Closes: #1021135)
   * CVE-2021-40426 (Closes: #1012138)
   * CVE-2022-31650 (Closes: #1012516)
   * CVE-2022-31651 (Closes: #1012516)
   * All patches taken from Helmut Grohne's uploads to unstable, thanks!

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
