Re: Handling mp3 files with Sox
- Date: Wed, 15 Mar 2017 09:24:59 -0400
- From: Dan Ritter <dsr@xxxxxxxxxxxxxxxx>
- Subject: Re: Handling mp3 files with Sox
On Wed, Mar 15, 2017 at 10:15:50PM +0900, Mark Fletcher wrote:
> On Wed, Mar 15, 2017 at 07:30:57AM -0500, Martin McCormick wrote:
> > This is a tale of two systems. One is a wheezy
> > installation and it's version of sox handles mp3 files nicely. It
> > can create them and appears to allow one to edit them. The
> > listing for /usr/bin/sox shows a size of somewhat above 63 KB and
> > a creation date of Dec 22 in 2014.
> > A second system is running jessie. It's version of
> > /usr/bin/sox is slightly larger than 67 K and has a creation date of
> > December 24, 2014.
> So wheezy's and Jessie's are 2 days apart? That doesn't sound right.
> Maybe the wheezy one _was_ recompiled... Although I'm at a loss to
> explain how that could happen without you, as the owner of the box,
> knowing about it...
Entirely possible if the same security issue happened upstream
and was fixed in wheezy and jessie.
The changelog says:
sox (14.4.0-3+deb7u1) wheezy-security; urgency=high
* Patches to fix memory corruptions on the heap, CVE-2014-8145
-- Pascal Giard <pascal@xxxxxxxxxx> Mon, 22 Dec 2014 12:25:43
So, yes, I think that's what happened.