Accepted sox 14.4.2+git20190427-3.2 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted sox 14.4.2+git20190427-3.2 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 05 Feb 2023 13:06:38 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: sox_14.4.2+git20190427-3.2_source.changes
- Debian-source: sox
- Debian-suite: unstable
- Debian-version: 14.4.2+git20190427-3.2
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=5730fKTe4vZD9iFHjm8OK7NgVnWqsOK6vTxTyoEPXsQ=; b=J6gqO+cq+aMrpH5Jl2GnGrhNKa rbbtudJAhltvZ4V+3WP6i4lvAaneFzLdN9Xvh24jdpCZqzZBwvTUo1zlJgaHoI+InLgiXDfUplSL2 8bk6xG1pBTJEyTivYRnM7bViPl1diFxtkBIYoeILBnCD6BtQRTWRZ2tQesx+j/AIk2I7jOOHQf2mU mAEtcM0hCewzT5fY7Fc6bmiI7veuZB7o3glOf0b5J5bVd81OJBeCxAYN/GVPoskWXLWxgYOGlpc89 S3s0fy+qnYX8QZpx9vdsP3fwg6AF0k4QOd4PqZay18r6eMTh9fQSrhJCwLPv3DcgJdpJW8JkktqxY OfubSLVg==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pOej8-00BCI3-LK@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 05 Feb 2023 13:13:59 +0100
Source: sox
Architecture: source
Version: 14.4.2+git20190427-3.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Helmut Grohne <helmut@subdivi.de>
Changes:
sox (14.4.2+git20190427-3.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Drop the CVE-unasssigned patch together with my own unnecessary change
introducing the vulnerability: The buffer is overallocated by 16-1 bytes
already and we don't overflow if we don't add to it.
* Replace CVE-2017-11358 patch with the non-broken one from upstream
* Fix big endian 64bit FTBFS: Import upstream patch to fix hcom writing
* Improve CVE-2021-23159 patch to also reject empty dictionaries.
The incomplete fix would allow an out-of-bounds read.
* Improve CVE-2021-3643 patch to also reject word width 1.
The incomplete fix would allow an out-of-bounds read.
Checksums-Sha1:
be5dc22afe881e5473f91aeb17b666e9847f7e55 2898 sox_14.4.2+git20190427-3.2.dsc
f58cfbe40928c9f5d997bb0a5b3c122d73c77811 27476 sox_14.4.2+git20190427-3.2.debian.tar.xz
d201bf80b83892a2ccc1dee4e0df532aaea07e15 13860 sox_14.4.2+git20190427-3.2_amd64.buildinfo
Checksums-Sha256:
417eb01dd04264910587099393db458d9fb0c9e90e56cbf1130ac28ba6e134b4 2898 sox_14.4.2+git20190427-3.2.dsc
9d949941d733ed5b9ac4f35502cf500124e46a412e7de66eb7a66c4c3d7c1b63 27476 sox_14.4.2+git20190427-3.2.debian.tar.xz
1661e672840aae3011f8140ee1cb6d95bdd4846ce3ea9047aa8a38d082a25c36 13860 sox_14.4.2+git20190427-3.2_amd64.buildinfo
Files:
218f81d09631d377a4ac2277268e25ae 2898 sound optional sox_14.4.2+git20190427-3.2.dsc
c2fa79f5810e10e07c8c4d45779ce8c6 27476 sound optional sox_14.4.2+git20190427-3.2.debian.tar.xz
a1bddd3d449d64073d09361c4beff1f6 13860 sound optional sox_14.4.2+git20190427-3.2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETMLS2QqNFlTb+HOqLRqqzyREREIFAmPfohkACgkQLRqqzyRE
REIS/A/+IwQI8HhWxtm+F1/W86+pI4JfqDfXYPqgTihe5l2prp8QqQsbhU/JonjN
RRxlrskOBonxdcEJy55vMHcEIJB8fDU/wgmuoV5HpOFmvKB2keMDf0Z6WOLKS3UN
2A/vzMd1phARqn9WJNtLWEnwIs50S9q+0ATBzAlzqXVj7MnSbZBUuQABMhHrrn23
uAwOAQMmlby7Qe4RuWfsx0ECOi5d8VdeKILFWd9G7WhB8NClVULGZ/KJt8MNL3Ry
N1E6STppBPIh9nfyNqyovlDqZDaPGzu5dukqmMxwGjf0Cahdz/wYnY0pcYu3jYte
s2VzLu9dnUqcEf/NXiQ4yZ86bNE+CY9fhU92b6jFn96EmfndjDkOe+vqOw5LgfYo
9GztehQU3CGC7EUDQWlF2VzTn8umA8rZKcpRKaSUmnkNgNkvOP9UuESUrFzlLQ5f
KZOHMSyrHya4uHgrHXYgKdXt0MMnfoxRD8hF/9juzskvlIMvbwat2VecCoWxRb6/
jPaF6q5VTNh7kVmatOEv4hUoMuyG4qyRFp5iqWVSs6GfrZ/Cx9neWliGHYBabAS+
5PRSYdQAvAWpKsyeQHAT1TvZhmxwqVG15xLhMK++XUYSMgS/fJ+Y3JyWfTkI9Ae6
BV6xyBML2Ix8OqMXUechJ7JfF9YcRBf0n1cIfcOke8/miiNbPG0=
=xmUK
-----END PGP SIGNATURE-----