Your message dated Wed, 11 Oct 2023 07:51:51 +0000
with message-id <e1qqu0v-00eiud...@fasolo.debian.org>
and subject line Bug#1034722: fixed in jpeg-xl 0.8.2-1
has caused the Debian Bug report #1034722,
regarding jpeg-xl: CVE-2023-0645
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1034722: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jpeg-xl
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for jpeg-xl.

CVE-2023-0645[0]:
| An out of bounds read exists in libjxl. An attacker using a
| specifically crafted file could cause an out of bounds read in the
| exif handler. We recommend upgrading to version 0.8.1 or past commit
| https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

https://github.com/libjxl/libjxl/issues/2100
https://github.com/libjxl/libjxl/pull/2101
https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0645
    https://www.cve.org/CVERecord?id=CVE-2023-0645

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: jpeg-xl
Source-Version: 0.8.2-1
Done: Mathieu Malaterre <ma...@debian.org>

We believe that the bug you reported is fixed in the latest version of
jpeg-xl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1034...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathieu Malaterre <ma...@debian.org> (supplier of updated jpeg-xl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Oct 2023 09:12:56 +0200
Source: jpeg-xl
Architecture: source
Version: 0.8.2-1
Distribution: experimental
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: Mathieu Malaterre <ma...@debian.org>
Closes: 1029698 1034722
Changes:
 jpeg-xl (0.8.2-1) experimental; urgency=medium
 .
   * New upstream version 0.8.2
     * Fixes CVE-2023-0645 / CVE-2023-35790. Closes: #1034722
   * d/patches: Remove failing tests on BE arches. Closes: #1029698

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---