sox: CVE-2014-8145

Related Vulnerabilities: CVE-2014-8145  

Debian Bug report logs - #773720
sox: CVE-2014-8145


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 22 Dec 2014 15:57:01 UTC

Severity: grave

Tags: security, upstream

Found in versions sox/14.3.1-1, sox/14.4.1-5

Fixed in versions sox/14.4.2-1, sox/14.4.0-3+deb7u1, sox/14.3.1-1+deb6u1, sox/14.4.1-5+deb9u1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Pascal Giard <pascal@debian.org>:
Bug#773720; Package src:sox. (Mon, 22 Dec 2014 15:57:06 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Pascal Giard <pascal@debian.org>. (Mon, 22 Dec 2014 15:57:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: sox: CVE-2014-8145
Date: Mon, 22 Dec 2014 16:55:20 +0100

Source: sox
Version: 14.3.1-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for sox.

CVE-2014-8145[0]:
two heap-based buffer overflows

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8145
[1] http://www.ocert.org/advisories/ocert-2014-010.html

Patches are not yet attached/referenced in the advisory, but should be
referenced in upstream git repository soon.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Pascal Giard <pascal@debian.org>:
Bug#773720; Package src:sox. (Mon, 22 Dec 2014 16:09:10 GMT).


Acknowledgement sent to Pascal Giard <evilynux@gmail.com>:
Extra info received and forwarded to list. Copy sent to Pascal Giard <pascal@debian.org>. (Mon, 22 Dec 2014 16:09:10 GMT).


Message #10 received at 773720@bugs.debian.org:

From: Pascal Giard <evilynux@gmail.com>
To: Salvatore Bonaccorso <carnil@debian.org>, 773720@bugs.debian.org
Subject: Re: Bug#773720: sox: CVE-2014-8145
Date: Mon, 22 Dec 2014 11:06:20 -0500

On Mon, Dec 22, 2014 at 10:55 AM, Salvatore Bonaccorso
<carnil@debian.org> wrote:
> Source: sox
> Version: 14.3.1-1
> Severity: grave
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for sox.
>
> CVE-2014-8145[0]:
> two heap-based buffer overflows
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2014-8145
> [1] http://www.ocert.org/advisories/ocert-2014-010.html
>
> Patches are not yet attached/referenced in the advisory, but should be
> referenced in upstream git repository soon.

Hi,
 I've a package ready for wheezy-security and I've notified the security team.

However, before uploading it I've been waiting for their permission as
the documentation says. I have yet to hear from the team.

Note that I have not prepared a package for oldstable, am I supposed to
do that as well?

-Pascal
-- 
Homepage (http://organact.mine.nu)
Debian GNU/Linux (http://www.debian.org)
COMunité/LACIME: École de technologie supérieure (http://www.comunite.ca)
ISIP Laboratory: McGill (http://www.isip.ece.mcgill.ca)



Information forwarded to debian-bugs-dist@lists.debian.org, Pascal Giard <pascal@debian.org>:
Bug#773720; Package src:sox. (Mon, 22 Dec 2014 16:51:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Pascal Giard <pascal@debian.org>. (Mon, 22 Dec 2014 16:51:04 GMT).


Message #15 received at 773720@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Pascal Giard <evilynux@gmail.com>
Cc: 773720@bugs.debian.org
Subject: Re: Bug#773720: sox: CVE-2014-8145
Date: Mon, 22 Dec 2014 17:46:59 +0100

Hi Pascal,

On Mon, Dec 22, 2014 at 11:06:20AM -0500, Pascal Giard wrote:
> On Mon, Dec 22, 2014 at 10:55 AM, Salvatore Bonaccorso
> <carnil@debian.org> wrote:
> > Source: sox
> > Version: 14.3.1-1
> > Severity: grave
> > Tags: security upstream
> >
> > Hi,
> >
> > the following vulnerability was published for sox.
> >
> > CVE-2014-8145[0]:
> > two heap-based buffer overflows
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2014-8145
> > [1] http://www.ocert.org/advisories/ocert-2014-010.html
> >
> > Patches are not yet attached/referenced in the advisory, but should be
> > referenced in upstream git repository soon.
> 
> Hi,
>  I've a package ready for wheezy-security and I've notified the security team.
> 
> However, before uploading it I've been waiting for their permission as
> the documentation says. I have yet to hear from the team.

Jupp, that's fine, I have seen it. I will follow up on the other mail
shortly.

> Note that I have not prepared a package for oldstable, am I supposed to
> do that as well?

If you want, yes. The following link gives the documentation for it:
https://wiki.debian.org/LTS/Development

Regards,
Salvatore



Reply sent to Pascal Giard <pascal@debian.org>:
You have taken responsibility. (Wed, 24 Dec 2014 18:36:09 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 24 Dec 2014 18:36:09 GMT).


Message #20 received at 773720-close@bugs.debian.org:

From: Pascal Giard <pascal@debian.org>
To: 773720-close@bugs.debian.org
Subject: Bug#773720: fixed in sox 14.4.0-3+deb7u1
Date: Wed, 24 Dec 2014 18:32:11 +0000

Source: sox
Source-Version: 14.4.0-3+deb7u1

We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773720@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pascal Giard <pascal@debian.org> (supplier of updated sox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 22 Dec 2014 12:25:43 -0500
Source: sox
Binary: sox libsox2 libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao libsox-fmt-ffmpeg libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev
Architecture: source
Version: 14.4.0-3+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Pascal Giard <pascal@debian.org>
Changed-By: Pascal Giard <pascal@debian.org>
Description:
 libsox-dev - Development files for the SoX library
 libsox-fmt-all - All SoX format libraries
 libsox-fmt-alsa - SoX alsa format I/O library
 libsox-fmt-ao - SoX Libao format I/O library
 libsox-fmt-base - Minimal set of SoX format libraries
 libsox-fmt-ffmpeg - SoX ffmpeg format library
 libsox-fmt-mp3 - SoX MP2 and MP3 format library
 libsox-fmt-oss - SoX OSS format I/O library
 libsox-fmt-pulse - SoX PulseAudio format I/O library
 libsox2    - SoX library of audio effects and processing
 sox        - Swiss army knife of sound processing
Closes: 773720
Changes:
 sox (14.4.0-3+deb7u1) wheezy-security; urgency=high
 .
   * Patches to fix memory corruptions on the heap, CVE-2014-8145
     (closes: #773720):
     + 0001-Check-for-minimum-size-sphere-headers.patch
     + 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Reply sent to Pascal Giard <pascal@debian.org>:
You have taken responsibility. (Wed, 24 Dec 2014 21:54:13 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 24 Dec 2014 21:54:13 GMT).


Message #25 received at 773720-close@bugs.debian.org:

From: Pascal Giard <pascal@debian.org>
To: 773720-close@bugs.debian.org
Subject: Bug#773720: fixed in sox 14.4.1-5
Date: Wed, 24 Dec 2014 21:52:53 +0000

Source: sox
Source-Version: 14.4.1-5

We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773720@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pascal Giard <pascal@debian.org> (supplier of updated sox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 24 Dec 2014 14:33:55 -0500
Source: sox
Binary: sox libsox2 libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev
Architecture: source amd64
Version: 14.4.1-5
Distribution: unstable
Urgency: medium
Maintainer: Pascal Giard <pascal@debian.org>
Changed-By: Pascal Giard <pascal@debian.org>
Description:
 libsox-dev - Development files for the SoX library
 libsox-fmt-all - All SoX format libraries
 libsox-fmt-alsa - SoX alsa format I/O library
 libsox-fmt-ao - SoX Libao format I/O library
 libsox-fmt-base - Minimal set of SoX format libraries
 libsox-fmt-mp3 - SoX MP2 and MP3 format library
 libsox-fmt-oss - SoX OSS format I/O library
 libsox-fmt-pulse - SoX PulseAudio format I/O library
 libsox2    - SoX library of audio effects and processing
 sox        - Swiss army knife of sound processing
Closes: 773720
Changes:
 sox (14.4.1-5) unstable; urgency=medium
 .
   * Patches to fix memory corruptions on the heap, CVE-2014-8145
     (closes: #773720):
     + 0001-Check-for-minimum-size-sphere-headers.patch
     + 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Reply sent to Thorsten Alteholz <debian@alteholz.de>:
You have taken responsibility. (Sat, 03 Jan 2015 18:54:15 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 03 Jan 2015 18:54:15 GMT).


Message #30 received at 773720-close@bugs.debian.org:

From: Thorsten Alteholz <debian@alteholz.de>
To: 773720-close@bugs.debian.org
Subject: Bug#773720: fixed in sox 14.3.1-1+deb6u1
Date: Sat, 03 Jan 2015 18:52:17 +0000

Source: sox
Source-Version: 14.3.1-1+deb6u1

We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773720@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated sox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 Dec 2015 19:33:00 +0100
Source: sox
Binary: sox libsox1b libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao libsox-fmt-ffmpeg libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev
Architecture: source i386
Version: 14.3.1-1+deb6u1
Distribution: squeeze-lts
Urgency: medium
Maintainer: Pascal Giard <pascal@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description: 
 libsox-dev - Development files for the SoX library
 libsox-fmt-all - All SoX format libraries
 libsox-fmt-alsa - SoX alsa format I/O library
 libsox-fmt-ao - SoX Libao format I/O library
 libsox-fmt-base - Minimal set of SoX format libraries
 libsox-fmt-ffmpeg - SoX ffmpeg format library
 libsox-fmt-mp3 - SoX MP3 format library
 libsox-fmt-oss - SoX OSS format I/O library
 libsox-fmt-pulse - SoX PulseAudio format I/O library
 libsox1b   - SoX library of audio effects and processing
 sox        - Swiss army knife of sound processing
Closes: 773720
Changes: 
 sox (14.3.1-1+deb6u1) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Patches to fix memory corruptions on the heap, CVE-2014-8145
     (closes: #773720):
     + 0001-Check-for-minimum-size-sphere-headers.patch
     + 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 01 Feb 2015 07:27:14 GMT).


Bug unarchived. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 01 Feb 2019 13:15:09 GMT).


No longer marked as fixed in versions sox/14.4.1-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 01 Feb 2019 13:15:09 GMT).


Marked as fixed in versions sox/14.4.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 01 Feb 2019 13:15:10 GMT).


Marked as found in versions sox/14.4.1-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 01 Feb 2019 22:51:08 GMT).


Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Mon, 04 Feb 2019 21:51:04 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 04 Feb 2019 21:51:04 GMT).


Message #45 received at 773720-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 773720-close@bugs.debian.org
Subject: Bug#773720: fixed in sox 14.4.1-5+deb9u1
Date: Mon, 04 Feb 2019 21:47:14 +0000

Source: sox
Source-Version: 14.4.1-5+deb9u1

We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773720@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated sox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 01 Feb 2019 16:18:21 +0100
Source: sox
Binary: sox libsox2 libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev
Architecture: source
Version: 14.4.1-5+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Pascal Giard <pascal@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 773720
Description: 
 libsox-dev - Development files for the SoX library
 libsox-fmt-all - All SoX format libraries
 libsox-fmt-alsa - SoX alsa format I/O library
 libsox-fmt-ao - SoX Libao format I/O library
 libsox-fmt-base - Minimal set of SoX format libraries
 libsox-fmt-mp3 - SoX MP2 and MP3 format library
 libsox-fmt-oss - SoX OSS format I/O library
 libsox-fmt-pulse - SoX PulseAudio format I/O library
 libsox2    - SoX library of audio effects and processing
 sox        - Swiss army knife of sound processing
Changes:
 sox (14.4.1-5+deb9u1) stretch; urgency=medium
 .
   * Non-maintainer upload.
   * Add patches for CVE-2014-8145 to series file and really apply fixes.
     Thanks to Mike Salvatore for spotting the issue. (Closes: #773720)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
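
The 14.4.1-5+deb9u1 changelog above says the CVE-2014-8145 patches had to be added to the series file before the fixes were really applied. As an added example (not part of the bug log or of the Debian packaging), this shell check lists patch files in a `debian/patches` directory that the quilt `series` file never references; the sample tree and the `unrelated-fix.patch` name are constructed for illustration.

```shell
#!/bin/sh
# Added example: find patches that ship in debian/patches but are missing
# from the quilt "series" file, and are therefore never applied at build time.

# unlisted_patches DIR
#   Prints each *.patch / *.diff file under DIR that "DIR/series" does not list.
#   Returns 0 if every patch is listed, 1 if some are not, 2 on error.
unlisted_patches() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    listed=$(mktemp) && found=$(mktemp) || return 2

    # Patches the series file applies: first field of every line that is
    # neither blank nor a comment (options such as -p1 may follow the name).
    if [ -f "$dir/series" ]; then
        awk '!/^[ \t]*#/ && NF { print $1 }' "$dir/series" |
            LC_ALL=C sort -u > "$listed"
    fi

    # Patch files actually shipped, as paths relative to DIR.
    (cd "$dir" && find . -type f \( -name '*.patch' -o -name '*.diff' \)) |
        sed 's|^\./||' | LC_ALL=C sort -u > "$found"

    # Lines present only in "found": shipped but never applied.
    missing=$(LC_ALL=C comm -23 "$found" "$listed")
    rm -f "$listed" "$found"

    if [ -z "$missing" ]; then
        return 0
    fi
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: the two patch names from the changelog exist on disk,
# but the series file lists only a hypothetical unrelated patch.
make_sample_tree() {
    t=$(mktemp -d) || return 2
    printf '%s\n' '# constructed series file' 'unrelated-fix.patch -p1' \
        > "$t/series"
    : > "$t/unrelated-fix.patch"
    : > "$t/0001-Check-for-minimum-size-sphere-headers.patch"
    : > "$t/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch"
    echo "$t"
}

# With an argument, check that directory; without one, run on the sample.
if [ "$#" -gt 0 ]; then
    unlisted_patches "$1"
else
    sample=$(make_sample_tree)
    if ! unlisted_patches "$sample"; then
        echo "^ shipped in the patches directory but absent from series" >&2
    fi
    rm -rf "$sample"
fi
```

Run against an unpacked source tree as `sh check.sh debian/patches`; a non-zero exit status makes it usable as a pre-upload gate.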




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 05 Mar 2019 07:26:25 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:34:48 2019; Machine Name: buxtehude
