Issue 251 is not open upstream, but it looks like this was addressed in https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/2aed5d419722a0d9fbd17be9c7a1147e22b681de along with a couple of other security fixes in https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654 . It does not look like these fixes have landed in a release yet upstream.
Hoever, the other two issues (249, 250) did get CVEs assigned for them, CVE-2022-0175 and CVE-2022-0135 respectively. Jun Yao, was a CVE ever assigned for this issue? ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0135 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0175 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950940 Title: Integer underflow in the vrend_decode_set_shader_images() on virglrenderer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/virglrenderer/+bug/1950940/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
