[Git][security-tracker-team/security-tracker][master] Reserve DLA-3232-1 for virglrenderer
Tobias Frost (@tobi)
tobi at debian.org
Wed Dec 7 17:09:16 GMT 2022
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6bc211d by Tobias Frost at 2022-12-07T18:08:59+01:00
Reserve DLA-3232-1 for virglrenderer
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -206716,11 +206716,9 @@ CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read f
NOTE: Recommended additionally: https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc
CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...)
- virglrenderer 0.8.2-1 (bug #949954)
- [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42
CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
- virglrenderer 0.8.2-1 (bug #949954)
- [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5
CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a hardcoded pass ...)
NOT-FOR-US: Intellian Aptus application for Android
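Review bot: The two removed `[buster] - virglrenderer <no-dsa> (Minor issue)` lines under CVE-2020-8003 and CVE-2020-8002 reverse an earlier triage decision, but the commit message says only "Reserve DLA-3232-1 for virglrenderer". Both ids are listed in the DLA-3232-1 entry added to data/DLA/list, so the removal itself is consistent. A line in the commit message noting that the no-dsa tags are dropped because the issues are fixed by the DLA would make the history easier to follow.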
@@ -229387,23 +229385,19 @@ CVE-2019-18392
REJECTED
CVE-2019-18391 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov ...)
- virglrenderer 0.8.1-1 (bug #946942)
- [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
CVE-2019-18390 (An out-of-bounds read in the vrend_blit_need_swizzle function in vrend ...)
- virglrenderer 0.8.1-1
- [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765584
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
CVE-2019-18389 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov ...)
- virglrenderer 0.8.1-1 (bug #946942)
- [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
CVE-2019-18388 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
- virglrenderer 0.8.1-1
- [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765578
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Dec 2022] DLA-3232-1 virglrenderer - security update
+ {CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 CVE-2020-8002 CVE-2020-8003 CVE-2022-0135}
+ [buster] - virglrenderer 0.7.0-2+deb10u1
[07 Dec 2022] DLA-3231-1 dlt-daemon - security update
{CVE-2020-29394 CVE-2020-36244 CVE-2022-31291}
[buster] - dlt-daemon 2.18.0-1+deb10u1
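Review bot: CVE-2022-0135 is in the CVE set of the new DLA-3232-1 entry, yet it is the only one of the seven ids with no matching change in the data/CVE/list hunks of this commit. The other six each lose a `[buster] - virglrenderer <no-dsa> (Minor issue)` line there. Please confirm that the CVE-2022-0135 entry carries no leftover buster annotation (such as no-dsa or postponed) that would contradict the `[buster] - virglrenderer 0.7.0-2+deb10u1` line added here.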
=====================================
data/dla-needed.txt
=====================================
@@ -305,9 +305,6 @@ trafficserver
NOTE: 20221114: https://people.debian.org/~abhijith/upload/trf/ (abhijith)
NOTE: 20221114: Asked upstream regarding CVE-2022-31779 (abhijith)
--
-virglrenderer (tobi)
- NOTE: 20221009: Programming language: C.
---
xdg-utils
NOTE: 20221120: Programming language: C.
NOTE: 20221120: no real fix yet
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6bc211d288b0c9f6d08f139b3074529ba4d9573