-
sox (14.4.2+git20190427-3.4ubuntu1.1) lunar-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-32627.patch: fixed a possible floating
point exception in the read_samples function.
- CVE-2023-32627
-- Allen Huang <email address hidden> Wed, 06 Sep 2023 13:02:21 +0100
-
sox (14.4.2+git20190427-3.4ubuntu1) lunar; urgency=medium
* SECURITY REGRESSION: Denial of Service
- debian/patches/CVE-2021-33844.patch: fixed regression in wav-gsm
decoding introduced via fixing CVE-2021-33844.
- CVE-2021-33844
-- Amir Naseredini <email address hidden> Fri, 17 Mar 2023 17:06:32 +0000
-
sox (14.4.2+git20190427-3.4) unstable; urgency=medium
* Non-maintainer upload.
* Ignore test failure on all mipsen (Addresses: #1030674)
-- Helmut Grohne <email address hidden> Tue, 07 Feb 2023 22:21:09 +0100
-
sox (14.4.2+git20190427-3.3) unstable; urgency=medium
* Non-maintainer upload.
* Ignore test failure on mips64el (Addresses: #1030674)
-- Helmut Grohne <email address hidden> Mon, 06 Feb 2023 13:02:25 +0100
-
sox (14.4.2+git20190427-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Drop the CVE-unasssigned patch together with my own unnecessary change
introducing the vulnerability: The buffer is overallocated by 16-1 bytes
already and we don't overflow if we don't add to it.
* Replace CVE-2017-11358 patch with the non-broken one from upstream
* Fix big endian 64bit FTBFS: Import upstream patch to fix hcom writing
* Improve CVE-2021-23159 patch to also reject empty dictionaries.
The incomplete fix would allow an out-of-bounds read.
* Improve CVE-2021-3643 patch to also reject word width 1.
The incomplete fix would allow an out-of-bounds read.
-- Helmut Grohne <email address hidden> Sun, 05 Feb 2023 13:13:59 +0100
-
sox (14.4.2+git20190427-3.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix some resource leaks.
* Fix regression in hcom reader introduced via CVE-2017-11358. (Closes:
#933372)
* Enable test suite.
* Fix CVE-2021-3643 and CVE-2021-23210: voc validation (Closes: #1010374)
* Fix CVE-2021-23159 and CVE-2021-23172: hcom validation
(Closes: #1021133, #1021134)
* Fix CVE-2021-33844: wav validation (Closes: #1021135)
* Fix CVE-2021-40426: sphere validation (Closes: #1012138)
* Fix CVE-2022-31650: aiff validation (Closes: #1012516)
* Fix CVE-2022-31651: reject implausible rate (Closes: #1012516)
* Fix CVE-unasssigned: integer overflow
* Silence dh_missing
* Add an autopkgtest
-- Helmut Grohne <email address hidden> Fri, 03 Feb 2023 10:21:33 +0100
-
sox (14.4.2+git20190427-3build1) lunar; urgency=medium
* No-change rebuild against libflac++10 & libflac12.
-- Rik Mills <email address hidden> Tue, 29 Nov 2022 17:27:54 +0000
-
sox (14.4.2+git20190427-3) unstable; urgency=medium
* Team upload
[ Debian Janitor ]
* Drop no longer supported add-log-mailing-address setting from
debian/changelog.
* Fix day-of-week for changelog entries 12.16-1, 12.14-1,
11gamma-cb3-5, 11gamma-cb3-4.
[ Sebastian Ramacher ]
* debian/control:
- Bump Standards-Version
- Replace libltdl3-dev with libltdl-dev
-- Sebastian Ramacher <email address hidden> Wed, 06 Apr 2022 10:10:57 +0200