Your message dated Wed, 27 Oct 2021 10:51:43 +0200 with message-id <[email protected]> and subject line closing has caused the Debian Bug report #990525, regarding libgrokj2k: CVE-2021-36089 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 990525: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990525 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: libgrokj2k X-Debbugs-CC: [email protected] Severity: grave Tags: security Hi, The following vulnerability was published for libgrokj2k. CVE-2021-36089[0]: | Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in | grk::FileFormatDecompress::apply_palette_clr (called from | grk::FileFormatDecompress::applyColour). https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-36089 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36089 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---Version: 9.2.0-1 Fixed in never-uploaded-to-debian version that's a part of 9.5.0-1. libgrokj2k (9.2.0-1) unstable; urgency=high * Majour release * Fixes CVE-2021-36089 (Closes: #990525) -- Aaron Boxer <[email protected]> Sat, 22 May 2021 11:10:00 +0200 -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋⠀ Tea -- not only women can brag about their cup size. ⠈⠳⣄⠀⠀⠀⠀
--- End Message ---
