Source: libxsmm
Version: 1.9-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for libxsmm.

CVE-2021-39535[0]:
| An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer
| dereference exists in JIT code. It allows an attacker to cause Denial
| of Service.

CVE-2021-39536[1]:
| An issue was discovered in libxsmm through v1.16.1-93. The JIT code
| has a heap-based buffer overflow.

Severity is slightly overrated here, but making it RC to make sure a fixed
version can land in bookworm.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-39535
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39535
[1] https://security-tracker.debian.org/tracker/CVE-2021-39536
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39536

Regards,
Salvatore