Hi, As also figured out by SUSE engineers in another email here, https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/39866 are the two commits fixing that issue.
When possible, updating would be preferable rather than backporting a couple of commits, but if that's not an option then yes, please backport these two commits :) On 2026-02-26 at 13:12 UTC+01:00, Stefan Dirsch <[email protected]> wrote: > Hi Eric > > On Wed, Feb 25, 2026 at 05:39:15PM +0100, Eric Engestrom wrote: >> Hello everyone, >> >> The bugfix release 26.0.1 is now available. >> >> This release and 25.3.6 (already out) contain a security fix preventing >> out-of-bounds memory access in WebGPU. >> They should be deployed to users as quickly as possible. > > Is it just me, for whom it isn't obvious ... ? > > @Eric (or anybody else) Could you please give me some hint, which commit(s) > fixed the security issue, so one/I can figure out whether older Mesa releases > are affected as well? So distributions like (open)SUSE can try backporting > this fix ... > > Thanks, > Stefan > > Public Key available > ------------------------------------------------------ > Stefan Dirsch (Res. & Dev.) SUSE Software Solutions Germany GmbH > Tel: 0911-740 53 0 Frankenstraße 146 > FAX: 0911-740 53 479 D-90461 Nürnberg > http://www.suse.de Germany > ---------------------------------------------------------------- > Geschäftsführer: Jochen Jaser, Andrew McDonald, Werner Knoblich > (HRB 36809, AG Nürnberg) > ----------------------------------------------------------------
