1) CVE-2017-18189, CVE-2019-1010004 Description: "SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189." Bug: https://sourceforge.net/p/sox/bugs/299/ 2) CVE-2019-13590 Description: "Fix sox-14.4.2 NULL pointer dereference on lsx_readbuf in formats_i.c by doing a prior check that it is a valid pointer before passing into lsx_calloc." Bug: https://sourceforge.net/p/sox/bugs/325/
1) Patch (CVE-2017-18189, CVE-2019-1010004): https://sourceforge.net/p/sox/code/ci/09d7388c8ad5701ed9c59d1d600ff6154b066397/tree/src/xa.c?diff=f56c0dbca8f5bd02ea88970c248c0d087386e807 2) Patch (CVE-2019-13590): https://sourceforge.net/p/sox/code/ci/7b6a889217d62ed7e28188621403cc7542fd1f7e/tree/src/sox-fmt.c?diff=2f6b3fec2dddfbb869a9f7de3110c9aaa31517c9 --- There has not been an upstream release yet. It would be worth applying these patches.
More vulnerabilities: 3) CVE-2019-8357 4) CVE-2019-8356 5) CVE-2019-8355 6)
More vulnerabilities: 3) CVE-2019-8354 Description: "fix possible buffer size overflow in lsx_make_lpf() (CVE-2019-8354). The multiplication in the size argument malloc() might overflow, resulting in a small buffer being allocated. Use calloc() instead." Commit: https://sourceforge.net/p/sox/code/ci/f70911261a84333b077c29908e1242f69d7439eb/tree/src/effects_i_dsp.c?diff=ccedd08802f62ed896f69d778e6a106d00f9ab58 4) CVE-2019-8355 Description: "fix possible overflow in lsx_(re)valloc() size calculation (CVE-2019-8355)" Patches: https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/tree/src/Makefile.am?diff=f70911261a84333b077c29908e1242f69d7439eb https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/tree/src/xmalloc.c?diff=f70911261a84333b077c29908e1242f69d7439eb https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/tree/src/xmalloc.h?diff=f70911261a84333b077c29908e1242f69d7439eb (no single link to commit because SF UI is poor) 5) CVE-2019-8356 Description: "Prevent overflowing of fixed-size buffers in bitrv2() and bitrv2conj() if the transform size is too large." Patches: https://sourceforge.net/p/sox/code/ci/b7883ae1398499daaa926ae6621f088f0f531ed8/tree/src/fft4g.c?diff=f8587e2d50dad72d40453ac1191c539ee9e50381 https://sourceforge.net/p/sox/code/ci/b7883ae1398499daaa926ae6621f088f0f531ed8/tree/src/fft4g.h?diff=f8587e2d50dad72d40453ac1191c539ee9e50381 6) CVE-2019-8357 Description: "fix possible null pointer deref in lsx_make_lpf() (CVE-2019-8357). If the buffer allocation fails, return NULL." Patch: https://sourceforge.net/p/sox/code/ci/2ce02fea7b350de9ddfbcf542ba4dd59a8ab255b/tree/src/effects_i_dsp.c?diff=b7883ae1398499daaa926ae6621f088f0f531ed8
*** Bug 679478 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0525803e44e76b54ba366144606577d783af33e commit f0525803e44e76b54ba366144606577d783af33e Author: Sam James <sam@gentoo.org> AuthorDate: 2020-08-03 06:27:12 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-08-03 06:27:12 +0000 media-sound/sox: security bump to 20200803 snapshot Bug: https://bugs.gentoo.org/711320 Closes: https://bugs.gentoo.org/712630 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org> media-sound/sox/Manifest | 1 + media-sound/sox/sox-14.4.2_p20200803.ebuild | 106 ++++++++++++++++++++++++++++ 2 files changed, 107 insertions(+)
amd64 done
arm64 done
arm done
x86 done
sparc stable
Gently ask do we still need this pull request ? https://github.com/gentoo/gentoo/pull/14561 Thanks!
I resubmit https://github.com/gentoo/gentoo/pull/17168 thanks!
ppc done
commit 1000f7ed8ee912db6d392c183f3b4f8f85928e50 Author: Sam James <sam@gentoo.org> Date: Thu Sep 3 23:43:26 2020 +0000 media-sound/sox: ppc64 stable (bug #711320)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a8736c5acc6898bf74f7788560bf8667f441f67 commit 7a8736c5acc6898bf74f7788560bf8667f441f67 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2020-09-04 12:07:06 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2020-09-04 12:07:18 +0000 media-sound/sox: security cleanup Bug: https://bugs.gentoo.org/711320 Package-Manager: Portage-3.0.5, Repoman-3.0.1 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> media-sound/sox/Manifest | 1 - .../sox/files/sox-14.4.2-CVE-2017-11332.patch | 25 ------ .../sox/files/sox-14.4.2-CVE-2017-11333.patch | 43 ---------- .../sox/files/sox-14.4.2-CVE-2017-11358.patch | 26 ------ .../sox/files/sox-14.4.2-CVE-2017-11359.patch | 27 ------ .../sox/files/sox-14.4.2-CVE-2017-15370.patch | 25 ------ .../sox/files/sox-14.4.2-CVE-2017-15371.patch | 37 -------- .../sox/files/sox-14.4.2-CVE-2017-15372.patch | 97 --------------------- .../sox/files/sox-14.4.2-CVE-2017-15642.patch | 28 ------- .../sox/files/sox-14.4.2-CVE-2017-18189.patch | 30 ------- .../sox-14.4.2-wavpack-chk-errors-on-init.patch | 35 -------- media-sound/sox/sox-14.4.2-r1.ebuild | 98 ---------------------- 12 files changed, 472 deletions(-)
Thanks all.
GLSA Vote: No Repository is clean, all done!
