CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357

Debian Bug report logs - #927906
CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 24 Apr 2019 20:57:02 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version sox/14.4.2-3

Fixed in version sox/14.4.2+git20190427-1

Done: Tiago Bortoletto Vaz <tiago@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#927906; Package src:sox. (Wed, 24 Apr 2019 20:57:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Wed, 24 Apr 2019 20:57:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357
Date: Wed, 24 Apr 2019 22:52:40 +0200
Source: sox
Severity: grave
Tags: security

Please see these links for descriptions and patches:
https://security-tracker.debian.org/tracker/CVE-2019-8354
https://security-tracker.debian.org/tracker/CVE-2019-8355
https://security-tracker.debian.org/tracker/CVE-2019-8356
https://security-tracker.debian.org/tracker/CVE-2019-8357

Cheers,
        Moritz



Marked as found in versions sox/14.4.2-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 24 Apr 2019 21:06:02 GMT)


Added tag(s) fixed-upstream and upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 24 Apr 2019 21:06:02 GMT)


Reply sent to Tiago Bortoletto Vaz <tiago@debian.org>:
You have taken responsibility. (Sat, 27 Apr 2019 22:09:06 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 27 Apr 2019 22:09:06 GMT)


Message #14 received at 927906-close@bugs.debian.org:

From: Tiago Bortoletto Vaz <tiago@debian.org>
To: 927906-close@bugs.debian.org
Subject: Bug#927906: fixed in sox 14.4.2+git20190427-1
Date: Sat, 27 Apr 2019 22:04:51 +0000
Source: sox
Source-Version: 14.4.2+git20190427-1

We believe that the bug you reported is fixed in the latest version of
sox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 927906@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tiago Bortoletto Vaz <tiago@debian.org> (supplier of updated sox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 27 Apr 2019 15:57:59 -0400
Source: sox
Binary: libsox-dev libsox-fmt-all libsox-fmt-alsa libsox-fmt-alsa-dbgsym libsox-fmt-ao libsox-fmt-ao-dbgsym libsox-fmt-base libsox-fmt-base-dbgsym libsox-fmt-mp3 libsox-fmt-mp3-dbgsym libsox-fmt-oss libsox-fmt-oss-dbgsym libsox-fmt-pulse libsox-fmt-pulse-dbgsym libsox3 libsox3-dbgsym sox sox-dbgsym
Architecture: source amd64
Version: 14.4.2+git20190427-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Tiago Bortoletto Vaz <tiago@debian.org>
Description:
 libsox-dev - Development files for the SoX library
 libsox-fmt-all - All SoX format libraries
 libsox-fmt-alsa - SoX alsa format I/O library
 libsox-fmt-ao - SoX Libao format I/O library
 libsox-fmt-base - Minimal set of SoX format libraries
 libsox-fmt-mp3 - SoX MP2 and MP3 format library
 libsox-fmt-oss - SoX OSS format I/O library
 libsox-fmt-pulse - SoX PulseAudio format I/O library
 libsox3    - SoX library of audio effects and processing
 sox        - Swiss army knife of sound processing
Closes: 927906
Changes:
 sox (14.4.2+git20190427-1) unstable; urgency=medium
 .
   * Add patches to fix CVE-2019-8354, CVE-2019-8355, CVE-2019-8356 and
     CVE-2019-8357. Thanks to Moritz Muehlenhoff. (Closes: #927906)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 26 May 2019 07:26:04 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:03:26 2019; Machine Name: buxtehude
