Bug 31753 - sox regression fix for CVE-2021-33844 patch
Summary: sox regression fix for CVE-2021-33844 patch
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: David GEIGER
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on: 31673
Blocks:
Reported: 2023-04-04 21:19 CEST by David Walser
Modified: 2023-04-04 21:19 CEST

See Also:
Source RPM: sox-14.4.3-0.git20200117.3.2.mga8.src.rpm
CVE:
Status comment:


Description David Walser 2023-04-04 21:19:14 CEST
+++ This bug was initially created as a clone of Bug #31673 +++

In Bug 30291, we fixed a CVE with a buggy patch from Debian.  A fixed version of the patch has been posted here:
https://www.openwall.com/lists/oss-security/2023/03/14/7

* Update *

Some more fixes have been discussed in this thread:
https://www.openwall.com/lists/oss-security/2023/03/31/2

It doesn't sound like the remaining issues are that serious, unless I'm misreading, but we should at least update the patch in Cauldron.
