Your message dated Fri, 09 Dec 2022 19:32:09 +0000
with message-id <[email protected]>
and subject line Bug#1009073: fixed in virglrenderer 0.8.2-5+deb11u1
has caused the Debian Bug report #1009073,
regarding virglrenderer: CVE-2022-0135: out-of-bounds write in
read_transfer_data()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1009073: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009073
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: virglrenderer
Version: 0.8.2-5
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for virglrenderer.
CVE-2022-0135[0]:
| out-of-bounds write in read_transfer_data()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-0135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0135
[1] https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
[2]
https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: virglrenderer
Source-Version: 0.8.2-5+deb11u1
Done: Tobias Frost <[email protected]>
We believe that the bug you reported is fixed in the latest version of
virglrenderer, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost <[email protected]> (supplier of updated virglrenderer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 07 Dec 2022 17:24:59 +0100
Source: virglrenderer
Architecture: source
Version: 0.8.2-5+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Gert Wollny <[email protected]>
Changed-By: Tobias Frost <[email protected]>
Closes: 1009073
Changes:
virglrenderer (0.8.2-5+deb11u1) bullseye; urgency=medium
.
* Non-maintainer upload by the LTS Security Team.
* Cherry-pick upstream fix for CVE-2022-0135. (Closes: #1009073)
Checksums-Sha1:
37a51f7dec5346b2e3ddfdd94a48795f8ef49fb3 2160 virglrenderer_0.8.2-5+deb11u1.dsc
818f246332427253a3cfeae251fab7ec3c9e1cea 7716
virglrenderer_0.8.2-5+deb11u1.debian.tar.xz
718f9b808c5122fb90662a40bed97d3c43a25c6e 9841
virglrenderer_0.8.2-5+deb11u1_amd64.buildinfo
Checksums-Sha256:
3c7eaed99d704df64bfbace98648562f2dd151138a9ea6977efeac6852727cf9 2160
virglrenderer_0.8.2-5+deb11u1.dsc
3e9fa8aa4fc0ca0375b4ce6e863184517fa96f50a425d949dc8867ee20cfe5c1 7716
virglrenderer_0.8.2-5+deb11u1.debian.tar.xz
fc865186dd40f469b191b55191931a9eae6589429597f0eefbe9560097805245 9841
virglrenderer_0.8.2-5+deb11u1_amd64.buildinfo
Files:
147f8d9430ba76f14549c7f32dc378bd 2160 libs optional
virglrenderer_0.8.2-5+deb11u1.dsc
392affbe3f8373569cc468ba9cb2f796 7716 libs optional
virglrenderer_0.8.2-5+deb11u1.debian.tar.xz
db368b5d311d281a57613f549670e102 9841 libs optional
virglrenderer_0.8.2-5+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmORDEkACgkQkWT6HRe9
XTYlRw/+KhIVT+57VYPl13FlvVyOEVjrWQps5Kmze2sPwNqju0D4pmrIcmEee49e
CgwKcrdTLxngS6r+Xr/1Xg57Tie40gvKcJhE20k/37RqeBSq1/O9Z2ehCnMLmKQZ
2z87Rwf3SrbVlUjJP03fQsQ/UcHH07ZM8iPr5t6z92vKEPbufrEOdbekfWCr+Qcg
LPURLUuodyZrQ3SmSHqkyQJviH67qB2pWkerZ4GjGk1DjTvawZikn/P4dSxORnHB
l81GMMi3Hd5L81dDWYQP//UbhXSYSjKrigmRTUGPD2me4MfZunGrzYSdSdegcNEp
Wl2TDegjsrMmCGQcBKZpbk3EknboECWbtOnNyF8bxjeBfVASnCRrP+QLonmH/4kL
FSwPOnMK7L4UsxtSlbJfTZOOyqNe7Vd2mUTRRC+Iz+INnCgQn04BKl40LHYNZ/VI
MCKU8Z3nOA6qMQlIgHouPxCLNB60WPopAc9PcOn5oF/5UgFCQ26vGF2qdRunNMsN
VYd41kOxIgc79gJ3xbe7dcY6qLKRdYtVpN9STjpHSSyqshTrvUYZBj8TUjYIJPP6
0FuEIKuHwUckJ/Q75jypJiqvJdNPglwp+54TvfNLL8P9BSloKjV4YfypqgrP0yme
7rhUJT6FNl85ukKSAqBBtJSUYfcfnOsWuxIiCD4rqPpHX8o+W4I=
=/BIm
-----END PGP SIGNATURE-----
--- End Message ---
