Format: 1.8
Date: Sun, 05 Feb 2023 13:13:59 +0100
Source: sox
Architecture: source
Version: 14.4.2+git20190427-3.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Helmut Grohne <helmut@subdivi.de>
Changes:
 sox (14.4.2+git20190427-3.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Drop the CVE-unasssigned patch together with my own unnecessary
     change introducing the vulnerability: The buffer is overallocated by
     16-1 bytes already and we don't overflow if we don't add to it.
   * Replace CVE-2017-11358 patch with the non-broken one from upstream
   * Fix big endian 64bit FTBFS: Import upstream patch to fix hcom writing
   * Improve CVE-2021-23159 patch to also reject empty dictionaries. The
     incomplete fix would allow an out-of-bounds read.
   * Improve CVE-2021-3643 patch to also reject word width 1. The
     incomplete fix would allow an out-of-bounds read.
Checksums-Sha1:
 be5dc22afe881e5473f91aeb17b666e9847f7e55 2898 sox_14.4.2+git20190427-3.2.dsc
 f58cfbe40928c9f5d997bb0a5b3c122d73c77811 27476 sox_14.4.2+git20190427-3.2.debian.tar.xz
 d201bf80b83892a2ccc1dee4e0df532aaea07e15 13860 sox_14.4.2+git20190427-3.2_amd64.buildinfo
Checksums-Sha256:
 417eb01dd04264910587099393db458d9fb0c9e90e56cbf1130ac28ba6e134b4 2898 sox_14.4.2+git20190427-3.2.dsc
 9d949941d733ed5b9ac4f35502cf500124e46a412e7de66eb7a66c4c3d7c1b63 27476 sox_14.4.2+git20190427-3.2.debian.tar.xz
 1661e672840aae3011f8140ee1cb6d95bdd4846ce3ea9047aa8a38d082a25c36 13860 sox_14.4.2+git20190427-3.2_amd64.buildinfo
Files:
 218f81d09631d377a4ac2277268e25ae 2898 sound optional sox_14.4.2+git20190427-3.2.dsc
 c2fa79f5810e10e07c8c4d45779ce8c6 27476 sound optional sox_14.4.2+git20190427-3.2.debian.tar.xz
 a1bddd3d449d64073d09361c4beff1f6 13860 sound optional sox_14.4.2+git20190427-3.2_amd64.buildinfo