Your message dated Fri, 20 Dec 2019 20:56:46 +0000
with message-id <e1iipki-0008f3...@fasolo.debian.org>
and subject line Bug#946942: fixed in virglrenderer 0.8.1-1
has caused the Debian Bug report #946942,
regarding virglrenderer: CVE-2019-18389 CVE-2019-18391
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
946942: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946942
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: virglrenderer
Version: 0.8.0-2
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for virglrenderer.
CVE-2019-18389[0]:
|heap buffer overflow in the vrend_renderer_transfer_write_iov function
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-18389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18389
[1]
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: virglrenderer
Source-Version: 0.8.1-1
We believe that the bug you reported is fixed in the latest version of
virglrenderer, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 946...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gert Wollny <g...@debian.org> (supplier of updated virglrenderer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 20 Dec 2019 14:06:51 +0100
Source: virglrenderer
Architecture: source
Version: 0.8.1-1
Distribution: unstable
Urgency: medium
Maintainer: Gert Wollny <g...@debian.org>
Changed-By: Gert Wollny <g...@debian.org>
Closes: 946942
Changes:
virglrenderer (0.8.1-1) unstable; urgency=medium
.
* New upstream version 0.8.1 Closes: #946942
* d/rules,d/control: Switch to meson build system
* Fixes: CVE-2019-18389 CVE-2019-18391
* d/control: Update standards version to 4.4.1 (no changes)
* d/control: Add check to enable testing
* d/rules: Run tests with surfaceless
* d/control: Add python3-setuptools because meson wants it
Checksums-Sha1:
7bf1ad2de7cff6a8336f390b06fa3d9d22e8676b 2122 virglrenderer_0.8.1-1.dsc
60cf6d1ea955383f4ae085bcf996c5f398c018b3 1762048
virglrenderer_0.8.1.orig.tar.bz2
4f211252c6d1e46158f43b33e6fa8ec871533b11 5564
virglrenderer_0.8.1-1.debian.tar.xz
38fb9364f93102e7d37b0df88261b13924fb1aab 8250
virglrenderer_0.8.1-1_source.buildinfo
Checksums-Sha256:
57a5ab42b8fcc613d0c168bb3a755b2da225e7f7568114a302bf799c24a19bd1 2122
virglrenderer_0.8.1-1.dsc
f7872ac5bc8301361174fb37f1aa10c20120171a024e2b2a7850f1ae98b4d035 1762048
virglrenderer_0.8.1.orig.tar.bz2
3189919fd0816d70fdb112860c9a77487a38fb6a8c3ad5d1d21689033a19e1cd 5564
virglrenderer_0.8.1-1.debian.tar.xz
bdce4ee91327d1ba5dea8639486a3b09d365099ed5548cc8b96eac6f714bbb4e 8250
virglrenderer_0.8.1-1_source.buildinfo
Files:
bacc2b9676e8168b0262854b1217cc9f 2122 libs optional virglrenderer_0.8.1-1.dsc
08fba6fcc7034b5a0a8e155704f8a86a 1762048 libs optional
virglrenderer_0.8.1.orig.tar.bz2
0dab8571355f7b808ef6e9027f29ef8b 5564 libs optional
virglrenderer_0.8.1-1.debian.tar.xz
bd4e12e40c7933159b4395383841cfb5 8250 libs optional
virglrenderer_0.8.1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEELtRZww6NuKjZPKd6l/LU/KCfME4FAl39BJ0ACgkQl/LU/KCf
ME6t3w//VzjwNxcUa1rp3ePzJuV59MGmAsou0l2Lq5qmOSFlwTNJen+0hVZ4tYds
ciUI/XsjMp2IwZt9mwGpsp8TvxRxo2gHg6H+Vg1ZIoz9ce9Vw80AVIONaZ/GvtPW
lfgSXuhwZAgUHDC6lQ/cyHqDRnNkRd4XSBsXZasYydaHPL8XB8YJk/RBftkPCTi6
nojF8JjsM1O6+2goRWzxpF9OVHvigj1ZrCZgLLmoslArW2Zw8aHYBtw7dzbnaWhY
4+v3y58KRBj4Avzc+v9tJ8qhHr4Yz5L/PwaEBrwdFrHC+/9FnELvPfPlaKfEnnIP
a5BcoAa3i5sqbX3ytHHxqxdLpbeP/nrCJvSplrx1viCGRQ2Czd7StDNlsdalug8+
36so/HEkpd0OnCf1Z4C09G3D36QffTQVvD5miXmdyFyCsYji2ZZ+e3MdplhCnBdf
3+wSMAbIi1NBJvATrKeSvjfGaI0IlbRguKH8pabgN8oabPGQn3xyFTINIrBfYHAe
gy9G+9OIarjTwRjo4wgv2UvbBRpcWKBbTcspG2VtZ5WAOM4K8Y7ezh3ibntY4dY9
bN804s4hJXfq3JZD0+CcXgUrpR9VouxlnAEYyindfG9XrT1mWp8JWZ8ZM2nCDXZ/
YG6sJDMdc8HkoOURKUWjz0BOW+x7ZGEbu/DAzDhjLmgYSyr2REY=
=kxBc
-----END PGP SIGNATURE-----
--- End Message ---
