|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2023-26590: sox: floating point exception in src/aiff.c | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Robert Frohl <rfrohl> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | Andreas.Stieger, security-team, tiwai |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/368474/ | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 1225537 | ||
|
Description
Robert Frohl
2023-06-06 13:53:30 UTC
@Takashi: any idea who might feel responsible for sox? From the changes file there does not seem to be anybody who cares directly and selecting someone at random from multimedia:apps might also not be the best option. There are three more bugs.. (In reply to Robert Frohl from comment #2) > @Takashi: any idea who might feel responsible for sox? From the changes file > there does not seem to be anybody who cares directly and selecting someone > at random from multimedia:apps might also not be the best option. Actually that's the only way :) > There are three more bugs.. I suppose it's only for openSUSE, right? I can try patching if the fix patches are provided in the upstream. (In reply to Takashi Iwai from comment #3) > (In reply to Robert Frohl from comment #2) > > > There are three more bugs.. > > I suppose it's only for openSUSE, right? I can try patching if the fix > patches are provided in the upstream. Yes, I think so. sox was dropped from SLE a while back. I will assign them to you then. Thanks! It seems that this bug is fixed by the old bug fix CVE-2022-31650. I backported the patch taken from Debian. Fixes submitted to Leap 15.4/15.5 and TW. Reassigned back to security team. This is an autogenerated message for OBS integration: This bug (1212060) was mentioned in https://build.opensuse.org/request/show/1120242 Backports:SLE-15-SP4 / sox https://build.opensuse.org/request/show/1120243 Backports:SLE-15-SP5 / sox openSUSE-SU-2023:0328-1: An update that fixes 10 vulnerabilities is now available. Category: security (important) Bug References: 1212060,1212061,1212062,1212063 CVE References: CVE-2019-13590,CVE-2021-23159,CVE-2021-33844,CVE-2021-3643,CVE-2021-40426,CVE-2022-31650,CVE-2022-31651,CVE-2023-32627,CVE-2023-34318,CVE-2023-34432 JIRA References: Sources used: openSUSE Backports SLE-15-SP4 (src): sox-14.4.2-bp154.2.3.1 openSUSE-SU-2023:0329-1: An update that fixes 10 vulnerabilities is now available. Category: security (important) Bug References: 1212060,1212061,1212062,1212063 CVE References: CVE-2019-13590,CVE-2021-23159,CVE-2021-33844,CVE-2021-3643,CVE-2021-40426,CVE-2022-31650,CVE-2022-31651,CVE-2023-32627,CVE-2023-34318,CVE-2023-34432 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): sox-14.4.2-bp155.3.3.1 Thanks Takashi! done, closing Reopening: Missing in Leap 15.6. Please process incoming submission or fix in Leap 15.6 in your chosen way. (bug 1225537) As per bug 1225537 now also fixed in Leap 15.6, closing |