Format: 1.8 Date: Thu, 31 Jan 2019 11:22:54 -0500 Source: sox Binary: sox libsox2 libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev Architecture: ppc64el Version: 14.4.1-3ubuntu1.1 Distribution: trusty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Mike Salvatore Description: libsox-dev - Development files for the SoX library libsox-fmt-all - All SoX format libraries libsox-fmt-alsa - SoX alsa format I/O library libsox-fmt-ao - SoX Libao format I/O library libsox-fmt-base - Minimal set of SoX format libraries libsox-fmt-mp3 - SoX MP2 and MP3 format library libsox-fmt-oss - SoX OSS format I/O library libsox-fmt-pulse - SoX PulseAudio format I/O library libsox2 - SoX library of audio effects and processing sox - Swiss army knife of sound processing Changes: sox (14.4.1-3ubuntu1.1) trusty-security; urgency=medium . * SECURITY UPDATE: Buffer overflow - debian/patches/0001-Check-for-minimum-size-sphere-headers.patch: Avoid integer underflow by validating the header_size_ul for NIST sphere formatted media files. - debian/patches/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch: Check the number of samples in a wav block against the expected samples per block. - CVE-2014-8145 * SECURITY UPDATE: Division by zero - debian/patches/CVE-2017-11332.patch: wav: fix crash if channel count is zero - CVE-2017-11332 * SECURITY UPDATE: Division by zero - debian/patches/CVE-2017-11358.patch: hcom: fix crash on input with corrupt dictionary - CVE-2017-11358 * SECURITY UPDATE: Invalid memory read - debian/patches/CVE-2017-11359.patch: wav: fix crash writing header when channel count >64k - CVE-2017-11359 * SECURITY UPDATE: Buffer overflow - debian/patches/CVE-2017-15370.patch: wav: ima_adpcm: fix buffer overflow on corrupt input - CVE-2017-15370 * SECURITY UPDATE: Buffer overflow - debian/patches/CVE-2017-15371.patch: flac: fix crash on corrupt metadata - CVE-2017-15371 * SECURITY UPDATE: Buffer overflow - debian/patches/CVE-2017-15372.patch: adpcm: fix stack overflow with >4 channels - CVE-2017-15372 * SECURITY UPDATE: Use after free - debian/patches/CVE-2017-15642.patch: adpcm: fix a user after free and double free if an empty comment chunk follows a non-empty one. - CVE-2017-15642 * SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2017-18189.patch: Prevent infinite loop caused by specifying zero channels in a header. Also add an upper bound to prevent overflow in multiplication - CVE-2017-18189 Checksums-Sha1: 4632f02cfb3aea43368d50ba368c4527725d9d94 97802 sox_14.4.1-3ubuntu1.1_ppc64el.deb fe5ce18b1bb0aa8998407cfea4f23a79f8736646 239974 libsox2_14.4.1-3ubuntu1.1_ppc64el.deb 369ea3731cabd14711b392049f4c7ff4026ed5de 27406 libsox-fmt-base_14.4.1-3ubuntu1.1_ppc64el.deb a4c8cb8d7c4a01d10d35eb4071b3d034976b2713 8656 libsox-fmt-alsa_14.4.1-3ubuntu1.1_ppc64el.deb 0ae506f0b94fcced6a551a35db77d996b313dd21 4296 libsox-fmt-ao_14.4.1-3ubuntu1.1_ppc64el.deb 872ccb2989e44d4bbda210a700fe1f49b9aecc3b 12400 libsox-fmt-mp3_14.4.1-3ubuntu1.1_ppc64el.deb 0075d86aa03c3a3109e0d4273d34e46e89efab8c 4738 libsox-fmt-oss_14.4.1-3ubuntu1.1_ppc64el.deb a36ae60727dd4c105f7b19fdb99fe6da8cfd6539 4108 libsox-fmt-pulse_14.4.1-3ubuntu1.1_ppc64el.deb efc4af63aeef2c7ca7e614b585c7cfd9c4a22f71 1716 libsox-fmt-all_14.4.1-3ubuntu1.1_ppc64el.deb 24dddd5a6c81f8bca40a8c776259cef318019e46 344678 libsox-dev_14.4.1-3ubuntu1.1_ppc64el.deb cd7ecd899839bfe683c59db807a67c92d33fd597 46868 sox-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 6b1cd2b3ccc249a8879a2e800dde2e61d09b0292 393934 libsox2-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb b2a9de95b71e723e4ee82463e84b7bc310d737e4 66106 libsox-fmt-base-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 48537d27194a732c00a1ac7621a705ca2b95a1f8 13728 libsox-fmt-alsa-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb a4c342943979737ef0549594826c581093db9af8 7094 libsox-fmt-ao-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb d565b4d5c0fa2aee8b67eb26984c53d812728379 22102 libsox-fmt-mp3-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 0a2474a625392d025e88e140866479bbf68b686a 6524 libsox-fmt-oss-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb d68958f8c71d7e94f1e599bfffeafedcaada4b62 7462 libsox-fmt-pulse-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb Checksums-Sha256: 8a72b59ba3d5ea850291699b6415f188ae09eeb9069a1beafb0678b82dfaf12e 97802 sox_14.4.1-3ubuntu1.1_ppc64el.deb 7f46531e3087bf133ed693f77378a60bb0ceae02e30230c17634794d28327c96 239974 libsox2_14.4.1-3ubuntu1.1_ppc64el.deb cc76071e7246dddcc991d6a6516ce77e363bd62c638e7543292ed9ffe9e2b7fd 27406 libsox-fmt-base_14.4.1-3ubuntu1.1_ppc64el.deb db90090ea9236ba57a40663b92b0a03926a391dda6df76bdfd3ac6573c269a37 8656 libsox-fmt-alsa_14.4.1-3ubuntu1.1_ppc64el.deb 3caecc95155f61c5afdadf652d09b5b2ca0a163b568532938441bf5fa76568be 4296 libsox-fmt-ao_14.4.1-3ubuntu1.1_ppc64el.deb 4f6660875cbd898c9a6d3bf4b424369946271c1af3e4ec47acdbb0cd39eed113 12400 libsox-fmt-mp3_14.4.1-3ubuntu1.1_ppc64el.deb 96a7e25d68a402b99e855bd331efc34759ff5d41a77dc05c8c3bad3a6698c326 4738 libsox-fmt-oss_14.4.1-3ubuntu1.1_ppc64el.deb aecd61e71e32035951f83dccb88dcd710580f4df5292c5c92fde968083426054 4108 libsox-fmt-pulse_14.4.1-3ubuntu1.1_ppc64el.deb 40008839142db80c65edf9c5888cf9cb128d78df85dd58824108a2b73cb04cf6 1716 libsox-fmt-all_14.4.1-3ubuntu1.1_ppc64el.deb b33351485496be90db4877a7f3f67c0370f1018af62083f98ad5e31804c0aa98 344678 libsox-dev_14.4.1-3ubuntu1.1_ppc64el.deb 07b765676055e45469d3cd4108ec09979e48b1392d955a56fb9734340d3ce85b 46868 sox-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 3db86ecbcbf2e5ec2b0a58d8b58b5306b80acfff1593972455ac7adaaf4e6aac 393934 libsox2-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb a874463f8c340c7d3d0eb783564e5a9ba25a01048e2ee3fa73c8b9eda6dd4e41 66106 libsox-fmt-base-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 8a40a5b51b1f732d052fa47d473619dc6ca7660e8d3a9a06261b1f29ae5d501c 13728 libsox-fmt-alsa-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 89f79179e6a64ab4ae1295b19c6111db774efe88ea0206d613438ee95f27d79f 7094 libsox-fmt-ao-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 1fa1de76457195f74ea3662bfc17545ca9f9607d6a77b3eac5f96f4d7c782053 22102 libsox-fmt-mp3-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 9c96e1a460a32dc60c666033bb42d1e92404d554fc9c53b30510c847563d3e25 6524 libsox-fmt-oss-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 18cc34d38e2d2b7ca5ef794f64450ceb05beddb72db2cf88db45a10434bec594 7462 libsox-fmt-pulse-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb Files: a45176163d5d04764324106a3b2ba0d3 97802 sound optional sox_14.4.1-3ubuntu1.1_ppc64el.deb 7be50e0c8fd336e17dec5f2d94317e7a 239974 libs optional libsox2_14.4.1-3ubuntu1.1_ppc64el.deb af55a1db8d63d807be110d1e51ec5bd3 27406 libs optional libsox-fmt-base_14.4.1-3ubuntu1.1_ppc64el.deb 2a95b4a6c351818a41e3fe765de3f302 8656 libs optional libsox-fmt-alsa_14.4.1-3ubuntu1.1_ppc64el.deb 7c5379a02c6a373eea845c443d66fa37 4296 libs optional libsox-fmt-ao_14.4.1-3ubuntu1.1_ppc64el.deb 0eb542df1fc8709bfb6bc66d2964142e 12400 libs optional libsox-fmt-mp3_14.4.1-3ubuntu1.1_ppc64el.deb 429b574e55bc5180b758e7562a6b7b34 4738 libs optional libsox-fmt-oss_14.4.1-3ubuntu1.1_ppc64el.deb 4d23a782dbc0c756b28b21da1ec7ef3a 4108 libs optional libsox-fmt-pulse_14.4.1-3ubuntu1.1_ppc64el.deb ab4b8ed93a0b225325e3eacbb4ce76a9 1716 libs optional libsox-fmt-all_14.4.1-3ubuntu1.1_ppc64el.deb 4762f752ad946c14d18c4862edfc042d 344678 libdevel optional libsox-dev_14.4.1-3ubuntu1.1_ppc64el.deb 23942f2421acd83baa1f374a8200be17 46868 sound extra sox-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 80c9fcd15b7f9672517be3b770d7f994 393934 libs extra libsox2-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb b76ef2229cb27e181ea1c7f65ebaffbe 66106 libs extra libsox-fmt-base-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 5a6747127582c2cd42416ca83fef4cef 13728 libs extra libsox-fmt-alsa-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb c1ff29b9bb23899605649505cea4799d 7094 libs extra libsox-fmt-ao-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 12e334c024c78a28a90cecf7fb4b3d49 22102 libs extra libsox-fmt-mp3-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 1f8b8d6fc0c4acd2593b7c1e6cb0b9c6 6524 libs extra libsox-fmt-oss-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb 95b517a87073d3e5225bda0d9f4681e4 7462 libs extra libsox-fmt-pulse-dbgsym_14.4.1-3ubuntu1.1_ppc64el.ddeb Original-Maintainer: Pascal Giard