Bug#1125289: sox: Switch to or add sox_ng
Package: sox
Version: 14.4.2+git20190427-5+b3
Severity: important
X-Debbugs-Cc: martinwguy@gmail.com
sox_ng forked from sox.sf.net in May 2024. fixes all 20 or so CVEs,
some of which could lead to code injection using crafted malformed
compressed format files (whic is why I mark it as "important").
It also fixes other bugs, SEGVs and stuff, adds support for dozens
more formats and has grown a few more effects.
There are several release lines, currently at 14.4.5 to 14.7.0
for bug-fix only to more and more new features
and they can be configured to replace the standard sox filenames
with links to _ng or can live side by side. Most distros are deciding
to replace, as it is backwards-compatible, and the latest stable release
seems stable.
https://codeberg.org/sox_ng/sox_ng
I'm on good terms with all the original developers I've contacted and one
has been murmuring for a year or so about importing the _ng fixes to sox.sf.net
but they are presumed busy doing much more interesting things.
Blessings & keep up the good work
M
-- System Information:
Debian Release: 13.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.12.43+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages sox depends on:
ii libc6 2.41-12
ii libsox-fmt-alsa 14.4.2+git20190427-5+b3
ii libsox-fmt-ao 14.4.2+git20190427-5+b3
ii libsox-fmt-base 14.4.2+git20190427-5+b3
ii libsox-fmt-oss 14.4.2+git20190427-5+b3
ii libsox-fmt-pulse 14.4.2+git20190427-5+b3
ii libsox3 14.4.2+git20190427-5+b3
sox recommends no packages.
Versions of packages sox suggests:
ii libsox-fmt-all 14.4.2+git20190427-5+b3
-- no debconf information
Reply to: