Hello, Eric and Mesa team. On 2/27/26 19:45, Eric Engestrom wrote:
Thank you very much for the quick response and confirmation of the fixing commits!That's correct. I guess I was hoping that rather than backporting a handful of commits, packagers would all update to the last release cycle (or the one before that), but yes, the two commits in that MR are the fix for that particular issue :)
Considering that this fix is addressing a relevant security issue, which was reported as being "[...] rather pressing due to the WebGPU exposure in modern web browsers", has the Mesa team considered the possibility of assigning a CVE ID for the issue?
I ask, because we want to ensure this can be properly tracked. If you think that a CVE is warranted in this case, we, the SUSE Security team*, *can make the request to save you the overhead.
Please let us know if you’d like us to proceed this way. Thanks in advance! Regards, -- Camila Camargo de Matos Security Engineer @ SUSE Software Solutions GPG: B9DF 0F03 0640 E780 6B47 E60E BF36 BDE9 D034 30D1
OpenPGP_signature.asc
Description: OpenPGP digital signature
