Ubuntu
sox package

Change logs for sox source package in Trusty

  1. Trusty (14.04)
  2. Change log 
  • sox (14.4.1-3ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/0001-Check-for-minimum-size-sphere-headers.patch: Avoid
      integer underflow by validating the header_size_ul for NIST sphere
      formatted media files.
    - debian/patches/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch: Check
      the number of samples in a wav block against the expected samples per
      block.
    - CVE-2014-8145
  * SECURITY UPDATE: Division by zero
    - debian/patches/CVE-2017-11332.patch: wav: fix crash if channel count is
      zero
    - CVE-2017-11332
  * SECURITY UPDATE: Division by zero
    - debian/patches/CVE-2017-11358.patch: hcom: fix crash on input with
      corrupt dictionary
    - CVE-2017-11358
  * SECURITY UPDATE: Invalid memory read
    - debian/patches/CVE-2017-11359.patch: wav: fix crash writing header when
      channel count >64k
    - CVE-2017-11359
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2017-15370.patch: wav: ima_adpcm: fix buffer overflow
      on corrupt input
    - CVE-2017-15370
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2017-15371.patch: flac: fix crash on corrupt metadata
    - CVE-2017-15371
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2017-15372.patch: adpcm: fix stack overflow with >4
      channels
    - CVE-2017-15372
  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2017-15642.patch: adpcm: fix a user after free and
      double free if an empty comment chunk follows a non-empty one.
    - CVE-2017-15642
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2017-18189.patch: Prevent infinite loop caused by
        specifying zero channels in a header. Also add an upper bound to prevent
        overflow in multiplication
    - CVE-2017-18189

 -- Mike Salvatore <email address hidden>  Thu, 31 Jan 2019 11:22:54 -0500
  • sox (14.4.1-3ubuntu1) trusty; urgency=medium

  * Build with dh-autoreconf instead of autotools-dev for new libtool.
 -- William Grant <email address hidden>   Tue, 31 Dec 2013 01:34:27 +0000
  • sox (14.4.1-3) unstable; urgency=low


  * [debian/rules]:
    - Added an explicit call to dh_installchangelogs as Ubuntu no longer does
      does it by default. It's important for us as it contains the list of
      past contributors. 
  * [debian/docs]:
    - Fixed paths to files.

 -- Pascal Giard <email address hidden>  Mon, 15 Apr 2013 21:20:12 -0400