Debian Package Tracker

general

source: sox (main)
version: 14.4.2-3
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Jaromír Mikeš [DMD] [dm]
arch: any
std-ver: 4.1.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 14.4.0-3+deb7u1
o-o-sec: 14.4.0-3+deb7u2
oldstable: 14.4.1-5
stable: 14.4.1-5
testing: 14.4.2-3
unstable: 14.4.2-3

versioned links

14.4.0-3+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
14.4.0-3+deb7u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
14.4.1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
14.4.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsox-dev
libsox-fmt-all
libsox-fmt-alsa
libsox-fmt-ao
libsox-fmt-base
libsox-fmt-mp3
libsox-fmt-oss
libsox-fmt-pulse
libsox3
sox

action needed

2 new commits since last upload, time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 8861eb25dc94dcab727bd1cbd08d4d32782a7dd0
Author: Felipe Sateler <fsateler@debian.org>
Date:   Mon Apr 16 13:54:49 2018 -0300

    Change maintainer address to debian-multimedia@lists.debian.org

commit 9ba3f783ccf3a6a529c76f7db7e0b6fe1b3c4c43
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Feb 19 10:12:24 2018 +0100

    d/control: Set Vcs-* to salsa.debian.org

The Vcs URL is using anonscm.debian.org. Please update it for the move to salsa.debian.org.

Created: 2018-02-19 Last update: 2019-01-20 21:03

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-09-12 Last update: 2018-09-12 08:25

8 ignored security issues in stretch low

There are 8 open security issues in stretch.

8 issues skipped by the security teams:

CVE-2017-11358: The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
CVE-2017-15642: In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
CVE-2017-15370: There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
CVE-2017-11332: The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.
CVE-2017-15371: There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
CVE-2017-15372: There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
CVE-2017-18189: In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
CVE-2017-11359: The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.

Please fix them.

Created: 2017-08-01 Last update: 2018-06-02 08:03

8 ignored security issues in jessie low

There are 8 open security issues in jessie.

8 issues skipped by the security teams:

CVE-2017-11358: The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
CVE-2017-15642: In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
CVE-2017-15370: There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
CVE-2017-11332: The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.
CVE-2017-15371: There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
CVE-2017-15372: There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
CVE-2017-18189: In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
CVE-2017-11359: The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.

Please fix them.

Created: 2017-08-01 Last update: 2018-06-02 08:03

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2016-04-07 Last update: 2016-04-07 19:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.1.2).

Created: 2018-04-16 Last update: 2018-12-23 17:15

news

[rss feed]

[2017-12-24] sox 14.4.2-3 MIGRATED to testing (Debian testing watch)
[2017-12-18] Accepted sox 14.4.2-3 (source) into unstable (Jaromír Mikeš)
[2017-11-30] Accepted sox 14.4.0-3+deb7u2 (source amd64) into oldoldstable (Markus Koschany)
[2017-11-29] sox 14.4.2-2 MIGRATED to testing (Debian testing watch)
[2017-11-24] Accepted sox 14.4.2-2 (source) into unstable (Jaromír Mikeš)
[2017-11-19] Accepted sox 14.4.2-1 (source amd64) into experimental, experimental (Jaromír Mikeš) (signed by: Sebastian Ramacher)
[2015-01-03] Accepted sox 14.3.1-1+deb6u1 (source i386) into squeeze-lts (Thorsten Alteholz)
[2014-12-30] sox 14.4.1-5 MIGRATED to testing (Britney)
[2014-12-24] Accepted sox 14.4.1-5 (source amd64) into unstable (Pascal Giard)
[2014-12-24] Accepted sox 14.4.0-3+deb7u1 (source) into proposed-updates->stable-new, proposed-updates (Pascal Giard)
[2014-06-01] sox 14.4.1-4 MIGRATED to testing (Debian testing watch)
[2014-05-22] Accepted sox 14.4.1-4 (source amd64) (Pascal Giard)
[2013-05-05] sox 14.4.1-3 MIGRATED to testing (Debian testing watch)
[2013-04-16] Accepted sox 14.4.1-3 (source amd64) (Pascal Giard)
[2013-02-23] Accepted sox 14.4.1-2 (source amd64) (Pascal Giard)
[2013-02-12] Accepted sox 14.4.1-1 (source amd64) (Pascal Giard)
[2013-01-19] Accepted sox 14.4.0-5 (source amd64) (Pascal Giard)
[2013-01-18] Accepted sox 14.4.0-4 (source amd64) (Pascal Giard)
[2012-06-01] sox 14.4.0-3 MIGRATED to testing (Debian testing watch)
[2012-05-07] Accepted sox 14.4.0-3 (source amd64) (Pascal Giard)
[2012-03-12] Accepted sox 14.4.0-2 (source amd64) (Pascal Giard)
[2012-03-11] Accepted sox 14.4.0-1 (source amd64) (Pascal Giard)
[2011-12-21] sox 14.3.2-3 MIGRATED to testing (Debian testing watch)
[2011-12-11] Accepted sox 14.3.2-3 (source amd64) (Pascal Giard)
[2011-09-01] sox 14.3.2-2 MIGRATED to testing (Debian testing watch)
[2011-08-22] Accepted sox 14.3.2-2 (source amd64) (Pascal Giard)
[2011-03-13] sox 14.3.2-1 MIGRATED to testing (Debian testing watch)
[2011-03-02] Accepted sox 14.3.2-1 (source amd64) (Pascal Giard)
[2011-02-12] Accepted sox 14.3.1-2 (source amd64) (Pascal Giard)
[2010-06-16] sox 14.3.1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 12
RC: 0
I&N: 6
M&W: 6
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 14.4.2-3
1 bug