Hi Salvatore, This bug was fixed in April 2021, as you can see in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544 if you read the last few comments. It was fixed in commit 1d9086205a0e91fb6517ebb09b00af354431f468
Version 9.5 was just released this month, so the fix is there. Let me know if you have any other questions. Cheers, Aaron Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, October 27th, 2021 at 15:34, Salvatore Bonaccorso <[email protected]> wrote: > Hi, > > On Wed, Oct 27, 2021 at 08:57:06AM +0000, Debian Bug Tracking System wrote: > > > This is an automatic notification regarding your Bug report > > > > which was filed against the src:libgrokj2k package: > > > > #990525: libgrokj2k: CVE-2021-36089 > > > > It has been closed by Adam Borowski [email protected]. > > > > Their explanation is attached below along with your original report. > > > > If this explanation is unsatisfactory and you have not received a > > > > better one in a separate message then please contact Adam Borowski > > [email protected] by > > > > replying to this email. > > > > -- > > > > 990525: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990525 > > > > Debian Bug Tracking System > > > > Contact [email protected] with problems > > > Date: Wed, 27 Oct 2021 10:51:43 +0200 > > > > From: Adam Borowski [email protected] > > > > To: [email protected] > > > > Subject: closing > > > > Message-ID: [email protected] > > > > Version: 9.2.0-1 > > > > Fixed in never-uploaded-to-debian version that's a part of 9.5.0-1. > > > > libgrokj2k (9.2.0-1) unstable; urgency=high > > > > * Majour release > > * Fixes CVE-2021-36089 (Closes: #990525) > > > > > > -- Aaron Boxer [email protected] Sat, 22 May 2021 11:10:00 +0200 > > Looking at the > > https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml > > can you clarify what was the fix for the CVE? In particular the > > OSV-2021-677 still metnions explicitly from the fuzzing as well v9.5.0 > > as affected. > > Can you point me to what I'm missing and where the issue got fixed? > > Regards, > > Salvatore
