
Bug#1025700: bullseye-pu: package virglrenderer/0.8.2-5+deb11u1



Control: tags -1 + confirmed

On Wed, 2022-12-07 at 18:02 +0100, Tobias Frost wrote:
> I'm currently preparing a security update for virglrenderer for LTS
> and figured out that one of the fixed CVEs is not addressed in
> bullseye yet.
> 
> The CVE fixed is CVE-2022-0135: (#1009073)
> 
[...]
>  An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer
>  (virglrenderer). This flaw allows a malicious guest to create a specially
>  crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a
>  denial of service or possible code execution.
> 

Please go ahead.

Regards,

Adam

