-
sox (14.4.1-3ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/0001-Check-for-minimum-size-sphere-headers.patch: Avoid
integer underflow by validating the header_size_ul for NIST sphere
formatted media files.
- debian/patches/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch: Check
the number of samples in a wav block against the expected samples per
block.
- CVE-2014-8145
* SECURITY UPDATE: Division by zero
- debian/patches/CVE-2017-11332.patch: wav: fix crash if channel count is
zero
- CVE-2017-11332
* SECURITY UPDATE: Division by zero
- debian/patches/CVE-2017-11358.patch: hcom: fix crash on input with
corrupt dictionary
- CVE-2017-11358
* SECURITY UPDATE: Invalid memory read
- debian/patches/CVE-2017-11359.patch: wav: fix crash writing header when
channel count >64k
- CVE-2017-11359
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2017-15370.patch: wav: ima_adpcm: fix buffer overflow
on corrupt input
- CVE-2017-15370
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2017-15371.patch: flac: fix crash on corrupt metadata
- CVE-2017-15371
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2017-15372.patch: adpcm: fix stack overflow with >4
channels
- CVE-2017-15372
* SECURITY UPDATE: Use after free
- debian/patches/CVE-2017-15642.patch: adpcm: fix a user after free and
double free if an empty comment chunk follows a non-empty one.
- CVE-2017-15642
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2017-18189.patch: Prevent infinite loop caused by
specifying zero channels in a header. Also add an upper bound to prevent
overflow in multiplication
- CVE-2017-18189
-- Mike Salvatore <email address hidden> Thu, 31 Jan 2019 11:22:54 -0500
-
sox (14.4.1-3ubuntu1) trusty; urgency=medium
* Build with dh-autoreconf instead of autotools-dev for new libtool.
-- William Grant <email address hidden> Tue, 31 Dec 2013 01:34:27 +0000
-
sox (14.4.1-3) unstable; urgency=low
* [debian/rules]:
- Added an explicit call to dh_installchangelogs as Ubuntu no longer does
does it by default. It's important for us as it contains the list of
past contributors.
* [debian/docs]:
- Fixed paths to files.
-- Pascal Giard <email address hidden> Mon, 15 Apr 2013 21:20:12 -0400