Version in base suite: 14.4.2+git20190427-2 Version in overlay suite: 14.4.2+git20190427-2+deb11u1 Base version: sox_14.4.2+git20190427-2+deb11u1 Target version: sox_14.4.2+git20190427-2+deb11u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/sox/sox_14.4.2+git20190427-2+deb11u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/s/sox/sox_14.4.2+git20190427-2+deb11u2.dsc changelog | 10 ++++++++++ patches/CVE-2021-33844.patch | 29 ++++++++++++++++++----------- 2 files changed, 28 insertions(+), 11 deletions(-)
diff -Nru sox-14.4.2+git20190427/debian/changelog sox-14.4.2+git20190427/debian/changelog
--- sox-14.4.2+git20190427/debian/changelog 2023-02-17 16:13:54.000000000 +0000
+++ sox-14.4.2+git20190427/debian/changelog 2023-03-16 20:30:12.000000000 +0000
@@ -1,3 +1,13 @@
+sox (14.4.2+git20190427-2+deb11u2) bullseye-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+
+ [ Helmut Grohne ]
+ * Fix regression in wav-gsm decodeing introduced via fixing CVE-2021-33844
+ (Closes: #1032082)
+
+ -- Salvatore Bonaccorso Thu, 16 Mar 2023 21:30:12 +0100
+
 sox (14.4.2+git20190427-2+deb11u1) bullseye-security; urgency=medium
 
 * CVE-2021-23159 CVE-2021-23172 (Closes: #1021133, #1021134)
diff -Nru sox-14.4.2+git20190427/debian/patches/CVE-2021-33844.patch sox-14.4.2+git20190427/debian/patches/CVE-2021-33844.patch
--- sox-14.4.2+git20190427/debian/patches/CVE-2021-33844.patch 2023-02-17 16:13:54.000000000 +0000
+++ sox-14.4.2+git20190427/debian/patches/CVE-2021-33844.patch 2023-03-16 20:30:12.000000000 +0000
@@ -14,15 +14,22 @@
 uint32_t wFmtSize;
 uint16_t wExtSize = 0; /* extended field for non-PCM */
-@@ -587,6 +587,11 @@
- lsx_readdw(ft, &dwAvgBytesPerSec); /* Average bytes/second */
- lsx_readw(ft, &(wav->blockAlign)); /* Block align */
- lsx_readw(ft, &wBitsPerSample); /* bits per sample per channel */
-+ if (wBitsPerSample == 0)
-+ {
-+ lsx_fail_errno(ft, SOX_EHDR, "WAV file bits per sample is zero");
-+ return SOX_EOF;
-+ }
- len -= 16;
+@@ -954,6 +959,11 @@
+ break;
 
- if (wav->formatTag == WAVE_FORMAT_EXTENSIBLE)
+ default:
++ if (ft->encoding.bits_per_sample == 0)
++ {
++ lsx_fail_errno(ft, SOX_EHDR, "WAV file bits per sample is zero");
++ return SOX_EOF;
++ }
+ wav->numSamples = div_bits(qwDataLength, ft->encoding.bits_per_sample) / ft->signal.channels;
+ ft->signal.length = wav->numSamples * ft->signal.channels;
+ }
+--- a/src/testall.sh
++++ b/src/testall.sh
+@@ -67,3 +67,4 @@
+ t vox -r 8130
+ t wav
+ t wve
++t wav -e gsm-full-rate
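Review bot: The relocated zero check in the `default:` arm carries no comment explaining why it moved out of the header read, so a later reader may hoist it back to the `wBitsPerSample` read and reintroduce the wav-gsm regression the changelog cites as #1032082. A comment directly above the added `if (ft->encoding.bits_per_sample == 0)` such as `/* 0 is legitimate for the compressed formats presumably handled by the earlier case arms (e.g. GSM, see #1032082); only this generic length calculation divides by it. */` would record that intent in the patch itself rather than only in the Debian changelog. The check now guards only this arm, and the same expression still divides by `ft->signal.channels`; if that value is not validated earlier in the function (not visible here), the same class of fault remains on that operand. The added `t wav -e gsm-full-rate` line in testall.sh covers the regression, but a negative test asserting that a header with zero bits per sample is still rejected would guard the CVE-2021-33844 fix against future relocations. The enclosing switch and function begin and end outside the hunk.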