-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 28 Feb 2019 08:58:56 +0100 Source: sox Binary: sox libsox2 libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev Architecture: source amd64 Version: 14.4.1-5+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Pascal Giard <pascal@debian.org> Changed-By: Hugo Lefeuvre <hle@debian.org> Description: libsox-dev - Development files for the SoX library libsox-fmt-all - All SoX format libraries libsox-fmt-alsa - SoX alsa format I/O library libsox-fmt-ao - SoX Libao format I/O library libsox-fmt-base - Minimal set of SoX format libraries libsox-fmt-mp3 - SoX MP2 and MP3 format library libsox-fmt-oss - SoX OSS format I/O library libsox-fmt-pulse - SoX PulseAudio format I/O library libsox2 - SoX library of audio effects and processing sox - Swiss army knife of sound processing Closes: 878808 878810 881121 882144 Changes: sox (14.4.1-5+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2017-15370: heap-based buffer overflow in the ImaExpandS function of ima_rw.c (Closes: #878810). * CVE-2017-15372: stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c (Closes: #878808). * CVE-2017-18189: null pointer dereference caused by corrupt header specifying zero channels, sending read_channels() into an infinite loop (Closes: #881121). * CVE-2017-15642: use-after-free in output_message, triggered by crafted aiff file (Closes: #882144). Checksums-Sha1: 08d778a3a2597fb09965215b17f7ea6c23cb4e7b 2318 sox_14.4.1-5+deb8u2.dsc 91100373c84731f6d5910e1014f8a268279b12cf 15604 sox_14.4.1-5+deb8u2.debian.tar.xz c00973ed2cb26ad43576c8b06aafeeffa3e084f9 137386 sox_14.4.1-5+deb8u2_amd64.deb 4afb4bf54e0374bee61423fedd9419b96e8efb3d 267458 libsox2_14.4.1-5+deb8u2_amd64.deb d93f6bb8a1bc3ad38b09eebd186bbe969531d4d3 68518 libsox-fmt-base_14.4.1-5+deb8u2_amd64.deb 555b45cbb8da6bba0321864510992773af665f7a 47110 libsox-fmt-alsa_14.4.1-5+deb8u2_amd64.deb 00743263075d3487e46a6dc0c45f0dfd1491e41c 44018 libsox-fmt-ao_14.4.1-5+deb8u2_amd64.deb 360c240956bac3319af262d9a281aab44ff1ff8c 52176 libsox-fmt-mp3_14.4.1-5+deb8u2_amd64.deb 631ed504e30cdba9220daa86ad1f2dc6f70d5454 44554 libsox-fmt-oss_14.4.1-5+deb8u2_amd64.deb 434f260430f471c69cc96c0656ececf2f41dda19 44062 libsox-fmt-pulse_14.4.1-5+deb8u2_amd64.deb ce3fd31aa330e9978449ffdb667202dce8d59820 41626 libsox-fmt-all_14.4.1-5+deb8u2_amd64.deb b30dcd5134c6091f96b22a7f057256159c551244 356446 libsox-dev_14.4.1-5+deb8u2_amd64.deb Checksums-Sha256: 13c401966562a47b515e1316203f142b8bef922426673bc6122bee76f7c7e3de 2318 sox_14.4.1-5+deb8u2.dsc d709df28c8262653e8f2c4f8d470749a9aef4e6ca76095ff13e9d232585c53b8 15604 sox_14.4.1-5+deb8u2.debian.tar.xz 1cb65cc661a06a32b2af270b3476583ad0e6909c5f688086a5451bc11cdc82b4 137386 sox_14.4.1-5+deb8u2_amd64.deb 075d1c84b472962fe8f01a67be1d9f74acc35b1eadd33022de0df4580e3b055f 267458 libsox2_14.4.1-5+deb8u2_amd64.deb 3abbc88e317fda0a181d1b0d4075bedf339b60035fbb7476a7d6e2fac7fc06ec 68518 libsox-fmt-base_14.4.1-5+deb8u2_amd64.deb 8bf3b38aca6786549bff42a15d91bf1f8b169f727bc6bca7b81fc2829da8df9f 47110 libsox-fmt-alsa_14.4.1-5+deb8u2_amd64.deb 5fa569742c86de98ac4594d5e0f2da4c28cc03abb858b9ddf7152e52a7bc44f1 44018 libsox-fmt-ao_14.4.1-5+deb8u2_amd64.deb 22c8150fd70413fad466c14fb94c607cb6b3d15bc7aa89379ff25f14518ba87a 52176 libsox-fmt-mp3_14.4.1-5+deb8u2_amd64.deb e6c3fb94a825c26bc6a5be64d189f0bf7e36e7945dc10517c25bfe339f194a92 44554 libsox-fmt-oss_14.4.1-5+deb8u2_amd64.deb f5708948fe2769204d9a016d4a4f4b74a649f860a306df0a4aa3ad3ff746c7a8 44062 libsox-fmt-pulse_14.4.1-5+deb8u2_amd64.deb 02551fd3680a91edb0e7a2c7688ae42143e66c5c09338b38a4830cd4962bcfe1 41626 libsox-fmt-all_14.4.1-5+deb8u2_amd64.deb 34d06c561a87b0bd50117422ce8c6f53a9af08b6e1270faaad3bea45e50171c9 356446 libsox-dev_14.4.1-5+deb8u2_amd64.deb Files: 86b718b46ef01a41475e0884be8d1275 2318 sound optional sox_14.4.1-5+deb8u2.dsc f5994b483127fa3f008edeb417778bbb 15604 sound optional sox_14.4.1-5+deb8u2.debian.tar.xz 3eb4ca2d6cbf6fef4ec364513902a2c3 137386 sound optional sox_14.4.1-5+deb8u2_amd64.deb 82bbd5d8122d90b3b0a21aeb7af03655 267458 libs optional libsox2_14.4.1-5+deb8u2_amd64.deb 9ee773303915ae67394cb7bf09efed1f 68518 libs optional libsox-fmt-base_14.4.1-5+deb8u2_amd64.deb 043823bb04251d7c3a80a8ccc538355c 47110 libs optional libsox-fmt-alsa_14.4.1-5+deb8u2_amd64.deb 9fbbc38e8dfe556974294dbbad6cb93c 44018 libs optional libsox-fmt-ao_14.4.1-5+deb8u2_amd64.deb 00c8ccf22f77fb726e681c983a83c97d 52176 libs optional libsox-fmt-mp3_14.4.1-5+deb8u2_amd64.deb 2cec4e736f71d47d310d180e4033d640 44554 libs optional libsox-fmt-oss_14.4.1-5+deb8u2_amd64.deb b75f53e6e13a98d8879263857c05c6c8 44062 libs optional libsox-fmt-pulse_14.4.1-5+deb8u2_amd64.deb d232016138246b8b394c8a20b9c46e2c 41626 libs optional libsox-fmt-all_14.4.1-5+deb8u2_amd64.deb 46b486047b5f264ff7a9859de3040262 356446 libdevel optional libsox-dev_14.4.1-5+deb8u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlx3rwMACgkQZYVUZx9w 0DQmXwf/Z7p7OjrcV/Wu12/R9DCtLDDHzlsrABA04KZB1+rUagjRSPeaqI+59FSe e1ST5IfhMQJcfNmfNsu9hPN9kY6vXFLonv4Sn0DFHcaO/8H9pGsOy/tHYB6+/wcR Q+10CtYDq+NvQFv3XY8MTqegIu17rT8s5XKOXtgme88oEaBls0BpqPx0YZhZFDA+ ET2y0VSxCCMlMf1Epkb/BD35ePaTkDR15ItZ6L0pcJOwl41EHVO+b+8CCjn0f74x /uS2FVCOhxn5ASOPSLPKeY8t0JmbtqUMg1PI6bkJz+2dtVPElblN1hDi8uVsGzTw sFzTbrfs4CHUeEJXtXZwBv7L/xzo1Q== =BpUs -----END PGP SIGNATURE-----
