Package: sox | Debian Sources

Package: sox / 14.4.2+git20190427-1

Metadata

Package	Version	Patches format
sox	14.4.2+git20190427-1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
0001 fix build.patch \| (download)	src/Makefile.am \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	fix build
0003 spelling.patch \| (download)	ChangeLog \| 2 1 + 1 - 0 ! libsox.3 \| 2 1 + 1 - 0 ! libsox.txt \| 2 1 + 1 - 0 ! src/fap.c \| 2 1 + 1 - 0 ! src/paf.c \| 2 1 + 1 - 0 ! src/wav.c \| 2 1 + 1 - 0 ! 6 files changed, 6 insertions(+), 6 deletions(-)	spelling fixes
0005 CVE 2017 15371.patch \| (download)	src/flac.c \| 8 5 + 3 - 0 ! 1 file changed, 5 insertions(+), 3 deletions(-)	[patch] flac: fix crash on corrupt metadata (cve-2017-15371)
0006 CVE 2017 11358.patch \| (download)	src/hcom.c \| 5 5 + 0 - 0 ! 1 file changed, 5 insertions(+)	[patch] hcom: fix crash on input with corrupt dictionary (CVE-2017-11358)
0007 CVE 2017 15370.patch \| (download)	src/wav.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] wav: ima_adpcm: fix buffer overflow on corrupt input (CVE-2017-15370) Add the same check bad block size as was done for MS adpcm in commit f39c574b ("More checks for invalid MS ADPCM blocks").
0008 CVE 2017 11332.patch \| (download)	src/wav.c \| 5 5 + 0 - 0 ! 1 file changed, 5 insertions(+)	[patch] wav: fix crash if channel count is zero (cve-2017-11332)
0009 CVE 2017 11359.patch \| (download)	src/wav.c \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	[patch] wav: fix crash writing header when channel count >64k (CVE-2017-11359)
0010 wavpack_check_errors.patch \| (download)	src/wavpack.c \| 8 8 + 0 - 0 ! 1 file changed, 8 insertions(+)	wavpack: check errors when initializing https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881145
0011 lintian man sox.patch \| (download)	sox.1 \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	fix - w: sox: manpage-has-errors-from-man usr/share/man/man1/sox.1.gz file `<standard input>'
0012 xa validate channel count.patch \| (download)	src/xa.c \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	a corrupt header specifying zero channels would send read_channels() into an infinite loop. Prevent this by sanity checking the channel count in open_read(). Also add an upper bound to prevent overflow in multiplication. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121
0013 CVE 2017 15372.patch \| (download)	src/adpcm.c \| 8 7 + 1 - 0 ! src/adpcm.h \| 3 3 + 0 - 0 ! src/wav.c \| 5 4 + 1 - 0 ! 3 files changed, 14 insertions(+), 2 deletions(-)	adpcm: fix stack overflow with >4 channels (cve-2017-15372)
0014 CVE 2017 15642.patch \| (download)	src/aiff.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	this fixes a use after free and double free if an empty comment chunk follows a non-empty one.
0015 Handle vorbis_analysis_headerout errors.patch \| (download)	src/vorbis.c \| 8 6 + 2 - 0 ! 1 file changed, 6 insertions(+), 2 deletions(-)	[patch] handle vorbis_analysis_headerout errors This is related to https://github.com/xiph/vorbis/pull/34 but could also happen today with on other errors in the called function. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882236
0016 CVE 2019 8354.patch \| (download)	src/effects_i_dsp.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
0017 CVE 2019 8355.patch \| (download)	src/Makefile.am \| 2 1 + 1 - 0 ! src/xmalloc.c \| 10 10 + 0 - 0 ! src/xmalloc.h \| 6 4 + 2 - 0 ! 3 files changed, 15 insertions(+), 3 deletions(-)	---
0018 CVE 2019 8356.patch \| (download)	src/fft4g.c \| 18 18 + 0 - 0 ! src/fft4g.h \| 2 2 + 0 - 0 ! 2 files changed, 20 insertions(+)	---
0019 CVE 2019 8357.patch \| (download)	src/effects_i_dsp.c \| 3 3 + 0 - 0 ! 1 file changed, 3 insertions(+)	---

1