Hi Salvatore,

This bug was fixed in April 2021, as you can see in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
if you read the last few comments. It was fixed in commit
1d9086205a0e91fb6517ebb09b00af354431f468

Version 9.5 was just released this month, so the fix is there.

Let me know if you have any other questions.

Cheers,
Aaron






‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Wednesday, October 27th, 2021 at 15:34, Salvatore Bonaccorso 
<car...@debian.org> wrote:

> Hi,
>
> On Wed, Oct 27, 2021 at 08:57:06AM +0000, Debian Bug Tracking System wrote:
>
> > This is an automatic notification regarding your Bug report
> >
> > which was filed against the src:libgrokj2k package:
> >
> > #990525: libgrokj2k: CVE-2021-36089
> >
> > It has been closed by Adam Borowski kilob...@angband.pl.
> >
> > Their explanation is attached below along with your original report.
> >
> > If this explanation is unsatisfactory and you have not received a
> >
> > better one in a separate message then please contact Adam Borowski 
> > kilob...@angband.pl by
> >
> > replying to this email.
> >
> > --
> >
> > 990525: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990525
> >
> > Debian Bug Tracking System
> >
> > Contact ow...@bugs.debian.org with problems
>
> > Date: Wed, 27 Oct 2021 10:51:43 +0200
> >
> > From: Adam Borowski kilob...@angband.pl
> >
> > To: 990525-d...@bugs.debian.org
> >
> > Subject: closing
> >
> > Message-ID: yxkthxop7t+ag...@angband.pl
> >
> > Version: 9.2.0-1
> >
> > Fixed in never-uploaded-to-debian version that's a part of 9.5.0-1.
> >
> > libgrokj2k (9.2.0-1) unstable; urgency=high
> >
> >     * Majour release
> >     * Fixes CVE-2021-36089 (Closes: #990525)
> >
> >
> > -- Aaron Boxer boxe...@gmail.com Sat, 22 May 2021 11:10:00 +0200
>
> Looking at the
>
> https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
>
> can you clarify what was the fix for the CVE? In particular the
>
> OSV-2021-677 still mentions explicitly from the fuzzing as well v9.5.0
>
> as affected.
>
> Can you point me to what I'm missing and where the issue got fixed?
>
> Regards,
>
> Salvatore
