Your message dated Wed, 12 Feb 2020 14:36:43 +0000
with message-id <e1j1t87-000eeu...@fasolo.debian.org>
and subject line Bug#949954: fixed in virglrenderer 0.8.2-1
has caused the Debian Bug report #949954,
regarding virglrenderer: CVE-2020-8002 CVE-2020-8003
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
949954: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949954
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: virglrenderer
Version: 0.8.1-6
Severity: grave
Tags: security upstream
Control: found -1 0.7.0-2
Hi,
The following vulnerabilities were published for virglrenderer.
CVE-2020-8002[0]:
| A NULL pointer dereference in vrend_renderer.c in virglrenderer
| through 0.8.1 allows attackers to cause a denial of service via
| commands that attempt to launch a grid without previously providing a
| Compute Shader (CS).
CVE-2020-8003[1]:
| A double-free vulnerability in vrend_renderer.c in virglrenderer
| through 0.8.1 allows attackers to cause a denial of service by
| triggering texture allocation failure, because
| vrend_renderer_resource_allocated_texture is not an appropriate place
| for a free.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-8002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8002
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5
[1] https://security-tracker.debian.org/tracker/CVE-2020-8003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8003
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42
[2] https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: virglrenderer
Source-Version: 0.8.2-1
We believe that the bug you reported is fixed in the latest version of
virglrenderer, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gert Wollny <g...@debian.org> (supplier of updated virglrenderer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 12 Feb 2020 14:51:10 +0100
Source: virglrenderer
Architecture: source
Version: 0.8.2-1
Distribution: unstable
Urgency: medium
Maintainer: Gert Wollny <g...@debian.org>
Changed-By: Gert Wollny <g...@debian.org>
Closes: 949954
Changes:
virglrenderer (0.8.2-1) unstable; urgency=medium
.
* New upstream version 0.8.2 Closes: #949954
* d/patches: remove all patches since they were applied upstream
* Fixes: CVE-2020-8002 CVE-2020-8003
Checksums-Sha1:
5d2e4a46c4de7fe1da5dfc7e7676bcbd6fd25b0a 2122 virglrenderer_0.8.2-1.dsc
043cc920bde8dbba32aa2cd977894de5d0370477 1764287
virglrenderer_0.8.2.orig.tar.bz2
0234138a99f022644fbf48aa413d4667d4604325 5852
virglrenderer_0.8.2-1.debian.tar.xz
fda290eab4682265641ee965bb6b40be8ce0f7e8 9070
virglrenderer_0.8.2-1_source.buildinfo
Checksums-Sha256:
28606afc6d80f5002d1f850d605fb39715b56ae251999518c1f9a2f3d1750731 2122
virglrenderer_0.8.2-1.dsc
02cde23dbb5ff2b928d7c01fff762a35e1cffc0549f56b0cee53dab758c96326 1764287
virglrenderer_0.8.2.orig.tar.bz2
9cea1e4d3579464faeef702f32a34b6049dbd5e328a586a3434117bef63bcd26 5852
virglrenderer_0.8.2-1.debian.tar.xz
7380795b8275778e0dcf2946b57ee894381e59b2204bd6e070b982105b6b4dd1 9070
virglrenderer_0.8.2-1_source.buildinfo
Files:
82504349ec17356fd40082c9099f1c1b 2122 libs optional virglrenderer_0.8.2-1.dsc
58d7e94dcd04943a0a167347711315ac 1764287 libs optional
virglrenderer_0.8.2.orig.tar.bz2
c9e69d39ae2ff25ed52415d977362019 5852 libs optional
virglrenderer_0.8.2-1.debian.tar.xz
83ebda16494385ed74ddfe14a0b63c02 9070 libs optional
virglrenderer_0.8.2-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEELtRZww6NuKjZPKd6l/LU/KCfME4FAl5EAwgACgkQl/LU/KCf
ME6tDw//Zp3IcvawSijDsXKruWXMRJS2vGXp3PznkArojTijGZC1167FXlXZiaJI
V5WZu89QZYJXoSw1m0bAqUDAMQwAOq5YiVn4jnRBdf1hRCVNxV14AJ1daVldhSyz
Z/k4I/8hA0t/XPfWqLgW7GTPpwikU0LuKuGYXT8afOMa4CuatcPRkwmNDnSjEUgc
4YkOC71RuBSzDos54UNEQufqt40Z6A10vlMMatJWFJvXgk0/SfFPku6jsHyEmxjy
FNI5LBsEhakTiRBxP8wQ0OGMHQMTj21dNEMnR/I7UsLgQxWM7sSqZzzHsAH5pxX6
Is3n1+6loqJyYIsk3PeY6cO0un/1hoZmXAVQs4zaS0jv23T5TuqIOfEozifpkKxV
G6pAOZ9HU5XIVE8QqtbXuUfFgi0HJaA/oGJd5Qeel/c5+lX/e+cyRCBnfXefnbL4
eZmnVBlIj32AEFzvxXoABA2uJvAjNx03LtB5ldAMkzwUslNl0SeKmoXgWs0MrFcP
1cYCb5YK12rib5RumiU23JbLMkN/J6FKCTF3C0f7PbcqWgOREA7oB4yc5nEpyaMg
iDp9wSQIZCb7a7yLObVzli7UTvtTZWifoEaaZhmgT3gPGFHo3DNeYz7DeKmhEsoR
hrAj/UaWdzTlovzQlOB6QQYQWMUn8zR3w4rnX2FNpvEOOjQZgsY=
=M3Q2
-----END PGP SIGNATURE-----
--- End Message ---
