Your message dated Thu, 16 Mar 2023 02:17:20 +0800
with message-id 
<caaxyomp-xe64seohn7us2nr9hi286me_ary2ewuqyvfrs1z...@mail.gmail.com>
and subject line Re: Bug#1023693: libstb: CVE-2021-37789
has caused the Debian Bug report #1023693,
regarding libstb: CVE-2021-37789
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1023693: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023693
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libstb
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for libstb.

CVE-2021-37789[0]:
| stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load,
| leading to Information Disclosure or Denial of Service.

https://github.com/nothings/stb/issues/1178

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-37789
    https://www.cve.org/CVERecord?id=CVE-2021-37789

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Moritz Mühlenhoff <[email protected]> wrote on Thu, Mar 16, 2023 at 00:30:
>
> On Tue, Nov 08, 2022 at 08:42:05PM +0100, Moritz Mühlenhoff wrote:
> > Source: libstb
> > X-Debbugs-CC: [email protected]
> > Severity: important
> > Tags: security
> >
> > Hi,
> >
> > The following vulnerability was published for libstb.
> >
> > CVE-2021-37789[0]:
> > | stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load,
> > | leading to Information Disclosure or Denial of Service.
> >
> > https://github.com/nothings/stb/issues/1178
>
> This is fixed in 
> https://github.com/nothings/stb/commit/5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40
>
> Could we get that fixed for bookworm?
>
> Cheers,
>         Moritz

Strange. This should have been included in 0.0~git20220908.8b5f1f3+ds-1.

--- End Message ---
