[Git][security-tracker-team/security-tracker][master] Add CVE-2019-18391/virglrenderer

Thu Dec 19 06:31:08 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6a188d6 by Salvatore Bonaccorso at 2019-12-19T06:30:54Z
Add CVE-2019-18391/virglrenderer

Track under the same Debian BTS bug #946942 as CVE-2019-18389 already as
both CVE assignment originate from the same upstream merge request
covering several issues.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10550,8 +10550,11 @@ CVE-2019-18393 (PluginServlet.java in Ignite Realtime Openfire through 4.4.2 doe
 	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-18392
 	RESERVED
-CVE-2019-18391
+CVE-2019-18391 [heap based buffer overflow in the vrend_renderer_transfer_write_iov function]
 	RESERVED
+	- virglrenderer <unfixed> (bug #946942)
+	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
+	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
 CVE-2019-18390
 	RESERVED
 CVE-2019-18389 [heap buffer overflow in the vrend_renderer_transfer_write_iov function]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a6a188d608e51850feca3e24f1c1c88659a2bbde

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a6a188d608e51850feca3e24f1c1c88659a2bbde
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191219/96cec438/attachment.html>
