[SECURITY] [DLA 1197-1] sox security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1197-1] sox security update
From: Markus Koschany <apo@debian.org>
Date: Fri, 1 Dec 2017 00:02:33 +0100
Message-id: <[🔎] 00abb4cd-9bff-a25c-7299-099d6ccd5314@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : sox
Version        : 14.4.0-3+deb7u2
CVE ID         : CVE-2017-11332 CVE-2017-11358 CVE-2017-11359
                 CVE-2017-15370 CVE-2017-15371 CVE-2017-15372
                 CVE-2017-15642
Debian Bug     : 870328 878810 878809 878808 882236 882144

Various security vulnerabilities were discovered in sox, a command
line utility to convert audio formats, that may lead to a
denial-of-service (application crash / infinite loop) or memory
corruptions by processing a malformed input file.

For Debian 7 "Wheezy", these problems have been fixed in version
14.4.0-3+deb7u2.

We recommend that you upgrade your sox packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlogjglfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeThaA/9FMrnUSnjadqaLfH5eAoClhvQcrwNOw9BnQHLbgoHyXh7GzN2SSMZiTq/
TwTdXh1GWsWocQiauYqL1kzhUfGYkqMyEq1y5ZZtDuS3zm4tEQAUCQ1CL/V+3aAU
vcFAc0/jjnbeQ8NtsNY2ogDv2cUW2Bq2L/yT4men2yItdEuZvth0V1wQXfl8NseS
//oFWErb3+XZL0NGBqeTei+F6NYDS520VDlBTzR9lgMsjt1q/OGQd17vHlZankxL
dPQqT8crXvfJBRiAeKI0fG39qPD9RhsxQY+mcpK7a3Oiacf1DQghUpcQHM5X63ZL
0m0S+oIGKunXpIA7u8RP0sby0wURRX+s+YZS66HbsgpKwLc54YqZqgLyJYYV09g2
DOMQjwiztosA4sCb5NAxflt0qbUw5xn0RFtgkMc9V8dZ2O8Wd1CRJEh562rQLDAO
c9ccxrJ+sZYAhoQE+a2DtOHCZaGPmgILnfGmoi8vgjPL8Oh2dor/gGVY4C2VSekc
XADSm5jUjyycxFHQxG1p38RrCT24qaintFthcHzGzbXFWTmHhNryH3D2C/RLJX7k
vKkAZ92vfnMmJ7TT4feTaICB/dC6RQRVM9z9hMnd7T1zoRNoLKo2uxEE5ZL0I+d8
ffLNAUxWdxarexyq9r+P//F0fZu9TVzx8XReb3Uu4+jYquQJiHY=
=82rj
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1196-1] optipng security update
Previous by thread: [SECURITY] [DLA 1196-1] optipng security update
Index(es):
- Date
- Thread