Bug#1125289: sox: Switch to or add sox_ng

To: Martin Guy <martinwguy@gmail.com>, 1125289@bugs.debian.org
Subject: Bug#1125289: sox: Switch to or add sox_ng
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 12 Jan 2026 08:53:12 +0100
Message-id: <[🔎] ef951aba-d86a-432b-b9c4-373801112aea@alteholz.de>
Reply-to: Thorsten Alteholz <debian@alteholz.de>, 1125289@bugs.debian.org
In-reply-to: <[🔎] 176818674112.7329.12186832875918242732.reportbug@giacomo>
References: <[🔎] 176818674112.7329.12186832875918242732.reportbug@giacomo> <[🔎] 176818674112.7329.12186832875918242732.reportbug@giacomo>



On 12.01.26 03:59, Martin Guy wrote:

  fixes all 20 or so CVEs,
some of which could lead to code injection using crafted malformed
compressed format files (whic is why I mark it as "important").


Can you please be a bit more verbose about what you mean with this?
According to [1] there are no open CVEs in the Debian package.

   Thorsten

[1] https://security-tracker.debian.org/tracker/source-package/sox

Reply to:

Follow-Ups:
- Bug#1125289: sox: Switch to or add sox_ng
  - From: Martin Guy <martinwguy@gmail.com>

References:
- Bug#1125289: sox: Switch to or add sox_ng
  - From: Martin Guy <martinwguy@gmail.com>

Prev by Date: Bug#1125289: sox: Switch to or add sox_ng
Next by Date: Bug#1125289: sox: Switch to or add sox_ng
Previous by thread: Bug#1125289: sox: Switch to or add sox_ng
Next by thread: Bug#1125289: sox: Switch to or add sox_ng
Index(es):
- Date
- Thread