Format: 1.8 Date: Thu, 31 Jan 2019 10:18:20 -0500 Source: sox Binary: sox libsox2 libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev Architecture: ppc64el Version: 14.4.1-5ubuntu0.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Mike Salvatore Description: libsox-dev - Development files for the SoX library libsox-fmt-all - All SoX format libraries libsox-fmt-alsa - SoX alsa format I/O library libsox-fmt-ao - SoX Libao format I/O library libsox-fmt-base - Minimal set of SoX format libraries libsox-fmt-mp3 - SoX MP2 and MP3 format library libsox-fmt-oss - SoX OSS format I/O library libsox-fmt-pulse - SoX PulseAudio format I/O library libsox2 - SoX library of audio effects and processing sox - Swiss army knife of sound processing Changes: sox (14.4.1-5ubuntu0.1) xenial-security; urgency=medium . * SECURITY UPDATE: Buffer overflow - debian/patches/0001-Check-for-minimum-size-sphere-headers.patch: Avoid integer underflow by validating the header_size_ul for NIST sphere formatted media files. - debian/patches/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch: Check the number of samples in a wav block against the expected samples per block. - CVE-2014-8145 * SECURITY UPDATE: Division by zero - debian/patches/CVE-2017-11332.patch: wav: fix crash if channel count is zero - CVE-2017-11332 * SECURITY UPDATE: Division by zero - debian/patches/CVE-2017-11358.patch: hcom: fix crash on input with corrupt dictionary - CVE-2017-11358 * SECURITY UPDATE: Invalid memory read - debian/patches/CVE-2017-11359.patch: wav: fix crash writing header when channel count >64k - CVE-2017-11359 * SECURITY UPDATE: Buffer overflow - debian/patches/CVE-2017-15370.patch: wav: ima_adpcm: fix buffer overflow on corrupt input - CVE-2017-15370 * SECURITY UPDATE: Buffer overflow - debian/patches/CVE-2017-15371.patch: flac: fix crash on corrupt metadata - CVE-2017-15371 * SECURITY UPDATE: Buffer overflow - debian/patches/CVE-2017-15372.patch: adpcm: fix stack overflow with >4 channels - CVE-2017-15372 * SECURITY UPDATE: Use after free - debian/patches/CVE-2017-15642.patch: adpcm: fix a user after free and double free if an empty comment chunk follows a non-empty one. - CVE-2017-15642 * SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2017-18189.patch: Prevent infinite loop caused by specifying zero channels in a header. Also add an upper bound to prevent overflow in multiplication - CVE-2017-18189 Checksums-Sha1: ca26b111d741c83ebb85d2a40cb5f727c12ecfad 351274 libsox-dev_14.4.1-5ubuntu0.1_ppc64el.deb 97f26527084a6933b056814bcd5949efc4d802df 1714 libsox-fmt-all_14.4.1-5ubuntu0.1_ppc64el.deb 09fbbf50c8bb2e270cfee77e5404d891a33d3026 14944 libsox-fmt-alsa-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 550ee1b72ad306c2f7f2d00586cf1274ba9206d8 10152 libsox-fmt-alsa_14.4.1-5ubuntu0.1_ppc64el.deb f2d5091ebde11e86d47811b39fda19b29c9388d6 6648 libsox-fmt-ao-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 1bbe2789095f0d44a51a07901c00bcca9faa3078 4312 libsox-fmt-ao_14.4.1-5ubuntu0.1_ppc64el.deb 1239e356ac7cc9451d7a7fce47b28546cdb8076f 62820 libsox-fmt-base-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 40fb6be9149e2d67f76d5fe264cc5e98e8797d24 27464 libsox-fmt-base_14.4.1-5ubuntu0.1_ppc64el.deb 6047afdee88f75bf150c9641558ef0fdeb13ec53 21684 libsox-fmt-mp3-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 175f47ca19d1eda21aece13a61394e5e19ea8eb6 12460 libsox-fmt-mp3_14.4.1-5ubuntu0.1_ppc64el.deb 193f7d7a7521a6f5387e5b41ce461d03055bde32 6228 libsox-fmt-oss-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 000bd6051a83c8f9ee1da3f18f3a5f1ef439bd00 4802 libsox-fmt-oss_14.4.1-5ubuntu0.1_ppc64el.deb 988fac578e30a3da30ee019b7a89b17b3bef3fcd 6962 libsox-fmt-pulse-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 64164674d1b92b2f95a10f9faf998758cbc0dc25 4244 libsox-fmt-pulse_14.4.1-5ubuntu0.1_ppc64el.deb eaef7fae4a19f86f795d77e838251885925d8d46 386162 libsox2-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 1ed54924bb81344467310b061da599c9cec74def 245248 libsox2_14.4.1-5ubuntu0.1_ppc64el.deb a52d88cb176b7474e866d55af75b5df1b0d5930d 46498 sox-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb c74e730c7a5d8923f0f5cffb230297d45eacb2fc 97694 sox_14.4.1-5ubuntu0.1_ppc64el.deb Checksums-Sha256: 4c4c7f7415f1584eab4e4b68b6c89d875fab44992f1092001201b4970981261c 351274 libsox-dev_14.4.1-5ubuntu0.1_ppc64el.deb e1b7e7af6fdfe5d26fd060bb110747ab533180ad31e822bc108ded6a9dbdca35 1714 libsox-fmt-all_14.4.1-5ubuntu0.1_ppc64el.deb 1227cd7edd145abf0ec786a76c17059aa2f583791b971cfb9d70a09a43038ab1 14944 libsox-fmt-alsa-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 97e02272ee1b1b5712a7553ccd61952e73aea0c02ca704bdd8e60433606f736c 10152 libsox-fmt-alsa_14.4.1-5ubuntu0.1_ppc64el.deb 3dc11a14de7ed2dd026b5e533b755948cec9121e556f719efe4acab096f01044 6648 libsox-fmt-ao-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb e38f60bd89c6d57dca832e19d82c9a86e79200d03d1907926ecea9c834779237 4312 libsox-fmt-ao_14.4.1-5ubuntu0.1_ppc64el.deb 6523ba3bb179c65e738868a186b2e11eb9d8c20614d2e0d5715cc40d33f25f32 62820 libsox-fmt-base-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 6c1890c776d9b6eeadbd9d34412b5577d8be7930e652395fb91f35d4a8003c5b 27464 libsox-fmt-base_14.4.1-5ubuntu0.1_ppc64el.deb a87eb953a1519cf60d4152acf5f19afd21c382971310b9b0b91a355b59486c6a 21684 libsox-fmt-mp3-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb d6ffa4a6dec2f0da8600b3df13ebe16a2bb19d8da34a781785dc315e3bc5e4f2 12460 libsox-fmt-mp3_14.4.1-5ubuntu0.1_ppc64el.deb 51bf90b3bdaa180befb935afe471eddb2255eb50e3c78ef96a517d4ac8fa1cbc 6228 libsox-fmt-oss-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb a5adf649e5488cef66936fb3cbff59fbe45b22594b04aad76e056b6931380450 4802 libsox-fmt-oss_14.4.1-5ubuntu0.1_ppc64el.deb a89ebe1789ce243e3d7a9a1f14f92fac661c95fd166dc60642e976adbe0873cc 6962 libsox-fmt-pulse-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb e654573f6d2e0517313c9bc7979caa87a828cb0bf7d4f8475a50f1c41ef36734 4244 libsox-fmt-pulse_14.4.1-5ubuntu0.1_ppc64el.deb 2758104db9ff3edbf452ee083d9bfb3175453f43ae49f2ae3f5ca54766751407 386162 libsox2-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 5b2615b161a884f46964ead0dd2106d4a05d818ca4496df1f9afa6cd1ad0f569 245248 libsox2_14.4.1-5ubuntu0.1_ppc64el.deb df126ddecf74547e8cae6c3a50525406ec595f45213d9ed7f413a2fd3c7eaa58 46498 sox-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 944770b3b06c81cc0af83c18661fc662ffd8797eb072c63118fb61bd1cef628d 97694 sox_14.4.1-5ubuntu0.1_ppc64el.deb Files: 245ac4802a0e2564d39bab9c7737eddd 351274 libdevel optional libsox-dev_14.4.1-5ubuntu0.1_ppc64el.deb 8b367f218cb991271a9dfb27ed98faab 1714 libs optional libsox-fmt-all_14.4.1-5ubuntu0.1_ppc64el.deb d6f1d5e69d9731909eca1775697bf87a 14944 libs extra libsox-fmt-alsa-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb f434e978d1845bd993cb02629c79bf4a 10152 libs optional libsox-fmt-alsa_14.4.1-5ubuntu0.1_ppc64el.deb 2ee99ea6c840e2362e51bad4e3f72d8f 6648 libs extra libsox-fmt-ao-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb ee4de28a0fe178b795f0bd418c477396 4312 libs optional libsox-fmt-ao_14.4.1-5ubuntu0.1_ppc64el.deb 83d2ad490ceb868fca15ef70fdb5a5ca 62820 libs extra libsox-fmt-base-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 16f513c8fd8d47315131731d4c7132af 27464 libs optional libsox-fmt-base_14.4.1-5ubuntu0.1_ppc64el.deb f29ad564d29a2757110e2ee2793f179f 21684 libs extra libsox-fmt-mp3-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 0e510131c73c9581d0162b1e1770d709 12460 libs optional libsox-fmt-mp3_14.4.1-5ubuntu0.1_ppc64el.deb 30128f3f6d5460d7258e88e7d5820414 6228 libs extra libsox-fmt-oss-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 75032e150df2b770fc42e7a9bdbfce5c 4802 libs optional libsox-fmt-oss_14.4.1-5ubuntu0.1_ppc64el.deb f0bd715564c8bc7c89b49acdeee0b2ec 6962 libs extra libsox-fmt-pulse-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 3e9e4fb221bb96ded407a013f0fed6be 4244 libs optional libsox-fmt-pulse_14.4.1-5ubuntu0.1_ppc64el.deb 9f56bed3c78f2e7621446157afaeca09 386162 libs extra libsox2-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 94091590bcc21edfbbdf8d27690b617c 245248 libs optional libsox2_14.4.1-5ubuntu0.1_ppc64el.deb 3e3a97dd6e9a94e345dd2a2a77500a01 46498 sound extra sox-dbgsym_14.4.1-5ubuntu0.1_ppc64el.ddeb 7bfe94db80c0501b9a6563bc8ea50a17 97694 sound optional sox_14.4.1-5ubuntu0.1_ppc64el.deb Original-Maintainer: Pascal Giard