oss-sec mailing list archives
Re: sox: patches for old vulnerabilities
From: Helmut Grohne <helmut () subdivi de>
Date: Tue, 14 Mar 2023 12:01:38 +0100
On Fri, Feb 03, 2023 at 09:44:47PM +0100, Helmut Grohne wrote:
* CVE-2021-33844
The original fix for this issue would cause a regression. After applying it, sox would be unable to decode WAV GSM files. This has been reported as https://bugs.debian.org/1032082.

I am attaching an updated patch that fixes this regression. It is meant to replace the previous patch. The updated patch includes a regression test case to avoid repeating the mistake.

I see that most distributions (e.g. RedHat, SUSE, Gentoo, etc.) have not picked up the faulty patch. Ubuntu inherited it from Debian and will likely inherit the fix as it gets fixed in Debian releases.

Helmut
Attachment: CVE-2021-33844.patch