Date: Tue, 14 Mar 2023 12:01:38 +0100
From: Helmut Grohne <helmut@...divi.de>
To: oss-security@...ts.openwall.com
Subject: Re: sox: patches for old vulnerabilities

On Fri, Feb 03, 2023 at 09:44:47PM +0100, Helmut Grohne wrote:
> * CVE-2021-33844

The original fix for this issue would cause a regression. After applying it, sox would be unable to decode WAV GSM files. This has been reported as https://bugs.debian.org/1032082. I am attaching an updated patch that fixes this regression. It is meant to replace the previous patch. The updated patch includes a regression test case to avoid repeating the mistake.

I see that most distributions (e.g. RedHat, SUSE, Gentoo, etc.) have not picked up the faulty patch. Ubuntu inherited it from Debian and will likely inherit the fix as it gets fixed in Debian releases.

Helmut

View attachment "CVE-2021-33844.patch" of type "text/x-diff" (1186 bytes)