--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-1945 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1945 2005-02-04 ---------------------------------------------------------------------
Name : sox Versions : rh73: sox-12.17.3-4.1.legacy Versions : rh9: sox-12.17.3-11.1.legacy Summary : A general purpose sound file conversion tool. Description : SoX (Sound eXchange) is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.
--------------------------------------------------------------------- Update Information:
Updated sox packages that fix buffer overflows in the WAV file handling code are now available.
SoX (Sound eXchange) is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.
Buffer overflows existed in the parsing of WAV file header fields. It was possible that a malicious WAV file could have caused arbitrary code to be executed when the file was played or converted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0557 to these issues.
All users of sox should upgrade to these updated packages, which contain a security patch to resolve these issues.
--------------------------------------------------------------------- Changelogs
rh73: * Mon Aug 30 2004 Dave Botsch <dwb7 ccmr cornell edu> - added CAN-2004-0557 patch
--------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums)
Attachment:
signature.asc
Description: OpenPGP digital signature