From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dtas-all-bounces+dtas-all=80x24.org@nongnu.org>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS22989 208.118.235.0/24
X-Spam-Status: No, score=-2.4 required=3.0 tests=AWL,BAYES_00,
 RCVD_IN_DNSWL_BLOCKED,URIBL_BLOCKED shortcircuit=no autolearn=unavailable
 version=3.3.2
X-Original-To: dtas-all@80x24.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1
 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by
 dcvr.yhbt.net (Postfix) with ESMTPS id 214E61F8A1 for <dtas-all@80x24.org>;
 Mon, 22 Dec 2014 18:24:32 +0000 (UTC)
Received: from localhost ([::1]:41517 helo=lists.gnu.org) by lists.gnu.org
 with esmtp (Exim 4.71) (envelope-from
 <dtas-all-bounces+dtas-all=80x24.org@nongnu.org>) id 1Y37eh-0006s3-Ec for
 dtas-all@80x24.org; Mon, 22 Dec 2014 13:24:31 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:40628) by lists.gnu.org
 with esmtp (Exim 4.71) (envelope-from <e@80x24.org>) id 1Y37eb-0006ry-Pt for
 dtas-all@nongnu.org; Mon, 22 Dec 2014 13:24:30 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <e@80x24.org>) id 1Y37eW-0002DF-O4 for dtas-all@nongnu.org;
 Mon, 22 Dec 2014 13:24:25 -0500
Received: from dcvr.yhbt.net ([64.71.152.64]:37186) by eggs.gnu.org with
 esmtp (Exim 4.71) (envelope-from <e@80x24.org>) id 1Y37eW-0002Bz-Id for
 dtas-all@nongnu.org; Mon, 22 Dec 2014 13:24:20 -0500
Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net
 (Postfix) with ESMTP id 9AFA61F8A1; Mon, 22 Dec 2014 18:24:19 +0000 (UTC)
Date: Mon, 22 Dec 2014 18:24:19 +0000
From: Eric Wong <e@80x24.org>
To: dtas-all@nongnu.org
Subject: Fwd: Bug#773720: sox: CVE-2014-8145
Message-ID: <20141222182419.GB18533@dcvr.yhbt.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 64.71.152.64
X-BeenThere: dtas-all@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <dtas-all@nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/dtas-all>,
 <mailto:dtas-all-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/dtas-all>
List-Post: <mailto:dtas-all@nongnu.org>
List-Help: <mailto:dtas-all-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/dtas-all>,
 <mailto:dtas-all-request@nongnu.org?subject=subscribe>
Errors-To: dtas-all-bounces+dtas-all=80x24.org@nongnu.org
Sender: dtas-all-bounces+dtas-all=80x24.org@nongnu.org

Since dtas depends on sox: https://bugs.debian.org/773720

----- Forwarded message from Salvatore Bonaccorso <carnil@debian.org> -----

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#773720: sox: CVE-2014-8145

Source: sox
Version: 14.3.1-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for sox.

CVE-2014-8145[0]:
two heap-based buffer overflows

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8145
[1] http://www.ocert.org/advisories/ocert-2014-010.html

Patches are not yet attached/referenced in the advisory, but should be
referenced in upstream git repository soon.

Regards,
Salvatore


----- End forwarded message -----