[Secure-testing-commits] r54957 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Aug 22 05:19:23 UTC 2017
Author: carnil
Date: 2017-08-22 05:19:23 +0000 (Tue, 22 Aug 2017)
New Revision: 54957
Modified:
data/CVE/list
Log:
Record fixing version for virglrenderer
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-22 04:59:00 UTC (rev 54956)
+++ data/CVE/list 2017-08-22 05:19:23 UTC (rev 54957)
@@ -19748,7 +19748,7 @@
CVE-2013-7460 (A write protection and execution bypass vulnerability in McAfee (now ...)
NOT-FOR-US: Intel antivirus
CVE-2017-6355 (Integer overflow in the vrend_create_shader function in ...)
- - virglrenderer <unfixed> (bug #858255)
+ - virglrenderer 0.6.0-1 (bug #858255)
NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6 (0.6.0)
CVE-2017-6354
RESERVED
@@ -19862,7 +19862,7 @@
[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
CVE-2017-6317 (Memory leak in the add_shader_program function in vrend_renderer.c in ...)
- - virglrenderer <unfixed> (bug #858255)
+ - virglrenderer 0.6.0-1 (bug #858255)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4 (0.6.0)
CVE-2017-6314 (The make_available_at_least function in io-tiff.c in gdk-pixbuf allows ...)
- gdk-pixbuf <unfixed> (bug #856448)
@@ -20157,10 +20157,10 @@
- linux 4.9.13-1
NOTE: Fixed by: https://git.kernel.org/linus/ccf7abb93af09ad0868ae9033d1ca8108bdaec82 (v4.10-rc8)
CVE-2017-6210 (The vrend_decode_reset function in vrend_decode.c in virglrenderer ...)
- - virglrenderer <unfixed> (bug #858255)
+ - virglrenderer 0.6.0-1 (bug #858255)
NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=0a5dff15912207b83018485f83e067474e818bab (0.6.0)
CVE-2017-6209 (Stack-based buffer overflow in the parse_identifier function in ...)
- - virglrenderer <unfixed> (bug #858255)
+ - virglrenderer 0.6.0-1 (bug #858255)
NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=e534b51ca3c3cd25f3990589932a9ed711c59b27 (0.6.0)
CVE-2017-6208
RESERVED
@@ -20671,11 +20671,11 @@
[jessie] - xen <no-dsa> (Too intrusive to backport)
NOTE: https://xenbits.xen.org/xsa/advisory-206.html
CVE-2017-5994 (Heap-based buffer overflow in the vrend_create_vertex_elements_state ...)
- - virglrenderer <unfixed> (bug #858255)
+ - virglrenderer 0.6.0-1 (bug #858255)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7 (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422452
CVE-2017-5993 (Memory leak in the vrend_renderer_init_blit_ctx function in ...)
- - virglrenderer <unfixed> (bug #858255)
+ - virglrenderer 0.6.0-1 (bug #858255)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=6eb13f7a2dcf391ec9e19b4c2a79e68305f63c22 (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422438
CVE-2017-5991 (An issue was discovered in Artifex Software, Inc. MuPDF before ...)
@@ -20825,11 +20825,11 @@
CVE-2017-5958
RESERVED
CVE-2017-5957 (Stack-based buffer overflow in the vrend_decode_set_framebuffer_state ...)
- - virglrenderer <unfixed> (bug #858255)
+ - virglrenderer 0.6.0-1 (bug #858255)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421126
CVE-2017-5956 (The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local ...)
- - virglrenderer <unfixed> (bug #858255)
+ - virglrenderer 0.6.0-1 (bug #858255)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a5ac49940c40ae415eac0cf912eac7070b4ba95d (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421073
NOTE: The original fix opens a memory leak: http://www.openwall.com/lists/oss-security/2017/02/24/2
@@ -20919,11 +20919,11 @@
CVE-2017-5936 (OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth ...)
NOT-FOR-US: Nova-LXD
CVE-2017-5937 (The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d ...)
- - virglrenderer <unfixed> (bug #854728)
+ - virglrenderer 0.6.0-1 (bug #854728)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282 (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420246
CVE-2016-10214 (Memory leak in the virgl_resource_attach_backing function in ...)
- - virglrenderer <unfixed> (bug #854728)
+ - virglrenderer 0.6.0-1 (bug #854728)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837 (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420266
CVE-2017-5935
@@ -22238,7 +22238,7 @@
NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
NOTE: http://www.openwall.com/lists/oss-security/2017/01/22/2
CVE-2016-10163 (Memory leak in the vrend_renderer_context_create_internal function in ...)
- - virglrenderer <unfixed> (bug #852603)
+ - virglrenderer 0.6.0-1 (bug #852603)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7 (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415944
CVE-2017-5581 (Buffer overflow in the ModifiablePixelBuffer::fillRect function in ...)
@@ -22246,7 +22246,7 @@
NOTE: https://github.com/TigerVNC/tigervnc/pull/399
NOTE: https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
CVE-2017-5580 (The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c ...)
- - virglrenderer <unfixed> (bug #852604)
+ - virglrenderer 0.6.0-1 (bug #852604)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415986
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=28894a30a17a84529be102b21118e55d6c9f23fa (0.6.0)
NOTE: https://lists.freedesktop.org/archives/virglrenderer-devel/2017-January/000105.html
More information about the Secure-testing-commits
mailing list