Hello Mesa developers,I am a Security engineer at SUSE and I am contacting you today to ask more about the security fix for the for WebGPU out-of-bounds memory access issue mentioned in the recent Mesa 26.0.1 release announcement.
We are trying to identify the necessary commits that need to be backported in order to patch our older version Mesa packages, and, after some analysis, we consider the commits from the https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/39866 MR as being possible candidates. Would it be possible to confirm that these are the changes addressing the reported WebGPU security issue? If these are not the commits that should be considered the fixes, would it be possible to share which commits/MRs would allow us to fix the issue in older releases of Mesa?
Thanks in advance for any information you are able to provide! Regards, -- Camila Camargo de Matos Security Engineer @ SUSE Software Solutions GPG: B9DF 0F03 0640 E780 6B47 E60E BF36 BDE9 D034 30D1
OpenPGP_signature.asc
Description: OpenPGP digital signature
