sox 14.4.1-5+deb8u4ubuntu0.1 source package in Ubuntu

Changelog

sox (14.4.1-5+deb8u4ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Merge from Debian
    - Fixes:
      - CVE-2019-8354
      - CVE-2019-8356
      - CVE-2019-8357
    - Fixes overwritten by Debian:
      - CVE-2017-11332
      - CVE-2017-11358
      - CVE-2017-11359
      - CVE-2017-15370
      - CVE-2017-15371
      - CVE-2017-15372
      - CVE-2017-15642
      - CVE-2017-18189
    - Ignored Debian's "override_dh_strip" in debian/rules as this change was
      made by mistake

sox (14.4.1-5+deb8u4) jessie-security; urgency=medium

  * Non-maintainer upload by the LTS Team.
  * CVE-2019-8354, CVE-2019-8355: buffer overflow in valloc functions.
  * CVE-2019-8356: stack-based buffer overflow in bitrv2().
  * CVE-2019-8357: NULL pointer dereference in lsx_make_lpf().

sox (14.4.1-5+deb8u3) jessie-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2017-15371: reachable assertion in sox_append_comment() (formats.c)
    (Closes: #878809).
  * CVE-2017-11359: divide-by-zero error wavwritehdr function (wav.c)
    (Closes: #870328).
  * CVE-2017-11332: divide-by-zero error in startread function (wav.c).
  * CVE-2017-11358: invalid memory read in read_samples function (hcom.c).

sox (14.4.1-5+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2017-15370: heap-based buffer overflow in the ImaExpandS function
    of ima_rw.c (Closes: #878810).
  * CVE-2017-15372: stack-based buffer overflow in the
    lsx_ms_adpcm_block_expand_i function of adpcm.c (Closes: #878808).
  * CVE-2017-18189: null pointer dereference caused by corrupt header
    specifying zero channels, sending read_channels() into an infinite loop
    (Closes: #881121).
  * CVE-2017-15642: use-after-free in output_message, triggered by crafted
    aiff file (Closes: #882144).

sox (14.4.1-5+deb8u1) jessie-security; urgency=medium

  * Non-maintainer upload.
  * Add patches for CVE-2014-8145 to series file and really apply fixes.
    Thanks to Mike Salvatore for spotting the issue. (Closes: #773720)

 -- Eduardo Barretto <email address hidden>  Mon, 29 Jul 2019 11:35:57 -0300

Upload details

Uploaded by:
Eduardo dos Santos Barretto on 2019-07-30
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
sound
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2019-07-30 universe sound
Xenial security on 2019-07-30 universe sound

Downloads

File Size SHA-256 Checksum
sox_14.4.1.orig.tar.gz 1.1 MiB 9a8c2c6fe51e608da346a157e111508a957af9e3ecf3de26781d36e9a67fa89b
sox_14.4.1-5+deb8u4ubuntu0.1.debian.tar.xz 19.2 KiB e2d3435fc9a1688c10b491e99aec6183727f3aeb9ed63d851b09dd0e3b5cff0c
sox_14.4.1-5+deb8u4ubuntu0.1.dsc 2.7 KiB e55e879d8eb3e68e58e90623cb17dfae4850da1110773d0db070aefd837e7a45

View changes file

Binary packages built by this source

libsox-dev: Development files for the SoX library

 SoX is the swiss army knife of sound processing.
 .
 This package contains the development files for the SoX library.

libsox-fmt-all: All SoX format libraries

 SoX is the swiss army knife of sound processing.
 .
 This is a metapackage depending on all free SoX format libraries.

libsox-fmt-alsa: SoX alsa format I/O library

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX alsa format I/O library.
 .
 alsa: http://www.alsa-project.org

libsox-fmt-alsa-dbgsym: debug symbols for package libsox-fmt-alsa

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX alsa format I/O library.
 .
 alsa: http://www.alsa-project.org

libsox-fmt-ao: SoX Libao format I/O library

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX Libao format I/O library.
 .
 libao: http://xiph.org/ao

libsox-fmt-ao-dbgsym: debug symbols for package libsox-fmt-ao

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX Libao format I/O library.
 .
 libao: http://xiph.org/ao

libsox-fmt-base: Minimal set of SoX format libraries

 SoX is the swiss army knife of sound processing.
 .
 This package contains most audio formats libraries supported by SoX.
 Among them: Ogg Vorbis, WAV, AIFF, VOC, SND, AU, GSM, WavPack, LPC10, FLAC,
 MATLAB/GNU Octave, Portable Voice Format, AMR and Sound Forge Audio Format.

libsox-fmt-base-dbgsym: debug symbols for package libsox-fmt-base

 SoX is the swiss army knife of sound processing.
 .
 This package contains most audio formats libraries supported by SoX.
 Among them: Ogg Vorbis, WAV, AIFF, VOC, SND, AU, GSM, WavPack, LPC10, FLAC,
 MATLAB/GNU Octave, Portable Voice Format, AMR and Sound Forge Audio Format.

libsox-fmt-mp3: SoX MP2 and MP3 format library

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX MP2 and MP3 format library.
 Read support by libmad. MP2 and MP3 write support by libtwolame and
 libmp3lame respectively.
 .
 libmad: http://www.underbit.com/products/mad/
 lame: http://lame.sourceforge.net/

libsox-fmt-mp3-dbgsym: debug symbols for package libsox-fmt-mp3

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX MP2 and MP3 format library.
 Read support by libmad. MP2 and MP3 write support by libtwolame and
 libmp3lame respectively.
 .
 libmad: http://www.underbit.com/products/mad/
 lame: http://lame.sourceforge.net/

libsox-fmt-oss: SoX OSS format I/O library

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX Open Sound System (OSS)
 format I/O library.
 .
 Open Sound System: http://www.opensound.com/oss.html

libsox-fmt-oss-dbgsym: debug symbols for package libsox-fmt-oss

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX Open Sound System (OSS)
 format I/O library.
 .
 Open Sound System: http://www.opensound.com/oss.html

libsox-fmt-pulse: SoX PulseAudio format I/O library

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX PulseAudio format I/O library.
 .
 PulseAudio: http://www.pulseaudio.org/

libsox-fmt-pulse-dbgsym: debug symbols for package libsox-fmt-pulse

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX PulseAudio format I/O library.
 .
 PulseAudio: http://www.pulseaudio.org/

libsox2: SoX library of audio effects and processing

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX library which enables to convert various formats
 of computer audio files in to other formats. It also allows you to apply
 various effects to sound files.
 .
 Any format support requires at least libsox-fmt-base.
 Sound card I/O requires libsox-fmt-alsa, libsox-fmt-ao, libsox-fmt-oss or
 libsox-fmt-pulse.

libsox2-dbgsym: debug symbols for package libsox2

 SoX is the swiss army knife of sound processing.
 .
 This package contains the SoX library which enables to convert various formats
 of computer audio files in to other formats. It also allows you to apply
 various effects to sound files.
 .
 Any format support requires at least libsox-fmt-base.
 Sound card I/O requires libsox-fmt-alsa, libsox-fmt-ao, libsox-fmt-oss or
 libsox-fmt-pulse.

sox: Swiss army knife of sound processing

 SoX is a command line utility that can convert various formats of computer
 audio files in to other formats. It can also apply various effects to these
 sound files during the conversion. As an added bonus, SoX can play and record
 audio files on several unix-style platforms.
 .
 SoX is able to handle formats like Ogg Vorbis, MP3, WAV, AIFF, VOC, SND, AU,
 GSM and several more.
 Any format support requires at least libsox-fmt-base. Some formats have their
 own package e.g. mp3 read and write support is provided by libsox-fmt-mp3.
 .
 SoX supports most common sound architectures i.e. Alsa, Libao, OSS and Pulse
 (respectively provided by libsox-fmt-alsa, libsox-fmt-ao, libsox-fmt-oss and
 libsox-fmt-pulse). It also supports LADSPA plugins.

sox-dbgsym: debug symbols for package sox

 SoX is a command line utility that can convert various formats of computer
 audio files in to other formats. It can also apply various effects to these
 sound files during the conversion. As an added bonus, SoX can play and record
 audio files on several unix-style platforms.
 .
 SoX is able to handle formats like Ogg Vorbis, MP3, WAV, AIFF, VOC, SND, AU,
 GSM and several more.
 Any format support requires at least libsox-fmt-base. Some formats have their
 own package e.g. mp3 read and write support is provided by libsox-fmt-mp3.
 .
 SoX supports most common sound architectures i.e. Alsa, Libao, OSS and Pulse
 (respectively provided by libsox-fmt-alsa, libsox-fmt-ao, libsox-fmt-oss and
 libsox-fmt-pulse). It also supports LADSPA plugins.