Markus Koschany · Markus Koschany · 63e661c7 · 63e661c7
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -51700,7 +51700,6 @@ CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) throug
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #881121)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://public-inbox.org/sox-devel/20171109114554.16297-1-mans@mansr.com/raw
 CVE-2018-7049 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There ...)
 	NOT-FOR-US: Wowza Streaming Engine
@@ -77099,7 +77098,6 @@ CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, t
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #882144)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/sox/bugs/298/
 CVE-2017-15641
 	RESERVED
@@ -77872,19 +77870,16 @@ CVE-2017-15372 (There is a stack-based buffer overflow in the ...)
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #878808)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
 CVE-2017-15371 (There is a reachable assertion abort in the function ...)
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #878809)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...)
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #878810)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500554
 CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF ...)
 	- mupdf <not-affected> (Vulnerable code introduced later)
@@ -90209,14 +90204,12 @@ CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #870328)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
 	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
 CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 ...)
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #870328)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
 	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
 CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not ...)
@@ -90351,7 +90344,6 @@ CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 a
 	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #870328)
 	[stretch] - sox <no-dsa> (Minor issue)
-	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
 	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
 CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...)
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -126,6 +126,10 @@ qemu (Hugo Lefeuvre)
 --
 rdesktop (Emilio)
 --
+sox
+  NOTE:20190202: Fixed in Buster, Stretch will be fixed via point update. Used
+  NOTE: by sponsors. (apo)
+--
 symfony (Roberto C. Sánchez)
  NOTE: 20190128: Working on resolving FTFBS with feedback received from mailing list (roberto)
 --