From ed0fb7130fd72ead525d58bcf48826b61c555a19 Mon Sep 17 00:00:00 2001 From: Thomas Perale Date: Mon, 29 Dec 2025 10:07:06 +0100 Subject: [PATCH] package/sox: add CVE trailer in patches Since Buildroot commit [1] the patches that fixes a security vulnerability needs to reference the fixed vulnerability. This patch adds the relevant information to the patches header. [1] 1167d0ff3d docs/manual: mention CVE trailer Signed-off-by: Thomas Perale Signed-off-by: Thomas Petazzoni (cherry picked from commit 9d0e4db4c458ebe202b32f52ca96ca2e3386a1b6) Signed-off-by: Thomas Perale --- ...voc-word-width-should-never-be-0-to-avoid-division-b.patch | 2 ++ package/sox/0007-hcom-validate-dictsize.patch | 4 ++++ package/sox/0008-phere-avoid-integer-underflow.patch | 1 + ...formats-aiff-reject-implausibly-large-number-of-chan.patch | 2 ++ package/sox/0010-formats-reject-implausible-rate.patch | 1 + ...CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch | 1 + 6 files changed, 11 insertions(+) diff --git a/package/sox/0006-voc-word-width-should-never-be-0-to-avoid-division-b.patch b/package/sox/0006-voc-word-width-should-never-be-0-to-avoid-division-b.patch index 94298b7ae5..2b516fa4c3 100644 --- a/package/sox/0006-voc-word-width-should-never-be-0-to-avoid-division-b.patch +++ b/package/sox/0006-voc-word-width-should-never-be-0-to-avoid-division-b.patch @@ -8,6 +8,8 @@ Bug-Debian: https://bugs.debian.org/1010374 This patch fixes both CVE-2021-3643 and CVE-2021-23210. +CVE: CVE-2021-3643 +CVE: CVE-2021-23210 Upstream: https://sourceforge.net/p/sox/bugs/351/ Signed-off-by: Thomas Petazzoni --- diff --git a/package/sox/0007-hcom-validate-dictsize.patch b/package/sox/0007-hcom-validate-dictsize.patch index 722b64675b..c221f74c59 100644 --- a/package/sox/0007-hcom-validate-dictsize.patch +++ b/package/sox/0007-hcom-validate-dictsize.patch 
@@ -10,6 +10,10 @@ Bug-Debian: https://bugs.debian.org/1021134 This patch fixes both CVE-2021-23159 and CVE-2021-23172. +CVE: CVE-2021-23159 +CVE: CVE-2021-23172 +CVE: CVE-2023-34318 +CVE: CVE-2023-34432 Upstream: https://sourceforge.net/p/sox/bugs/350/ Upstream: https://sourceforge.net/p/sox/bugs/352/ Signed-off-by: Thomas Petazzoni diff --git a/package/sox/0008-phere-avoid-integer-underflow.patch b/package/sox/0008-phere-avoid-integer-underflow.patch index 7c59896660..cc3cc533e7 100644 --- a/package/sox/0008-phere-avoid-integer-underflow.patch +++ b/package/sox/0008-phere-avoid-integer-underflow.patch @@ -7,6 +7,7 @@ Link: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434 Bug: https://sourceforge.net/p/sox/bugs/362/ Bug-Debian: https://bugs.debian.org/1012138 +CVE: CVE-2021-40426 Upstream: https://sourceforge.net/p/sox/bugs/362/ Signed-off-by: Thomas Petazzoni --- diff --git a/package/sox/0009-formats-aiff-reject-implausibly-large-number-of-chan.patch b/package/sox/0009-formats-aiff-reject-implausibly-large-number-of-chan.patch index fd1d210da1..0489d82601 100644 --- a/package/sox/0009-formats-aiff-reject-implausibly-large-number-of-chan.patch +++ b/package/sox/0009-formats-aiff-reject-implausibly-large-number-of-chan.patch @@ -6,6 +6,8 @@ Subject: [PATCH] formats+aiff: reject implausibly large number of channels Bug: https://sourceforge.net/p/sox/bugs/360/ Bug-Debian: https://bugs.debian.org/1012516 +CVE: CVE-2022-31650 +CVE: CVE-2023-26590 Upstream: https://sourceforge.net/p/sox/bugs/360/ Signed-off-by: Thomas Petazzoni --- diff --git a/package/sox/0010-formats-reject-implausible-rate.patch b/package/sox/0010-formats-reject-implausible-rate.patch index 5e60b62011..0805c2f958 100644 --- a/package/sox/0010-formats-reject-implausible-rate.patch +++ b/package/sox/0010-formats-reject-implausible-rate.patch 
@@ -6,6 +6,7 @@ Subject: [PATCH] formats: reject implausible rate Bug: https://sourceforge.net/p/sox/bugs/360/ Bug-Debian: https://bugs.debian.org/1012516 +CVE: CVE-2022-31651 Upstream: https://sourceforge.net/p/sox/bugs/360/ Signed-off-by: Thomas Petazzoni --- diff --git a/package/sox/0011-CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch b/package/sox/0011-CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch index b67d23c12d..7abdf54feb 100644 --- a/package/sox/0011-CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch +++ b/package/sox/0011-CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch @@ -10,6 +10,7 @@ bug-redhat: https://bugzilla.redhat.com/show_bug.cgi?id=2212282 bug-debian: https://bugs.debian.org/1041112 bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-32627 +CVE: CVE-2023-32627 Upstream: https://sourceforge.net/p/sox/bugs/369/ Signed-off-by: Thomas Petazzoni ---
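Review bot: in the 0007-hcom-validate-dictsize.patch hunk, the added trailers `CVE: CVE-2023-34318` and `CVE: CVE-2023-34432` are not accounted for by the header sentence directly above them, which still reads "This patch fixes both CVE-2021-23159 and CVE-2021-23172." Either extend that sentence to name all four identifiers, or say in this commit message where the two 2023 CVEs were mapped to this fix, so a reader of the patch header does not meet two trailers the description never mentions.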
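Review bot: in the 0009-formats-aiff-reject-implausibly-large-number-of-chan.patch hunk, the second trailer `CVE: CVE-2023-26590` has no visible justification in the surrounding header; the `Bug:` and `Bug-Debian:` lines next to it reference the sourceforge and Debian reports without mentioning that identifier. A `Link:` line pointing at the advisory that attributes CVE-2023-26590 to this fix, or a sentence in this commit message, would make the attribution checkable.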
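Review bot: in the 0011-CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch hunk, the new `CVE:` trailer is inserted among lower-case `bug-redhat:`, `bug-debian:` and `bug-debian-security:` keys, whereas the other five patches in this series use `Bug:` and `Bug-Debian:`. Since this change already edits that header block, normalising those keys to the capitalised form used elsewhere would keep the trailer layout consistent across package/sox.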