Bug#852603: marked as done (virglrenderer: CVE-2016-10163)

To: Mateusz Łukasik <mati75@linuxmint.pl>
Subject: Bug#852603: marked as done (virglrenderer: CVE-2016-10163)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Mon, 21 Aug 2017 20:57:11 +0000
Message-id: <[🔎] handler.852603.D852603.150334898412483.ackdone@bugs.debian.org>
Reply-to: 852603@bugs.debian.org
References: <E1djtkD-0001aN-8o@fasolo.debian.org> <148535591226.27393.11213277660272001456.reportbug@lorien.valinor.li>

Your message dated Mon, 21 Aug 2017 20:56:21 +0000
with message-id <E1djtkD-0001aN-8o@fasolo.debian.org>
and subject line Bug#852603: fixed in virglrenderer 0.6.0-1
has caused the Debian Bug report #852603,
regarding virglrenderer: CVE-2016-10163
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
852603: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852603
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: virglrenderer: CVE-2016-10163

From: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 25 Jan 2017 15:51:52 +0100

Message-id: <148535591226.27393.11213277660272001456.reportbug@lorien.valinor.li>
Source: virglrenderer
Version: 0.5.0-1
Severity: important
Tags: upstream security patch

Hi,

the following vulnerability was published for virglrenderer.

CVE-2016-10163[0]:
host memory leakage when creating decode context

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10163

Regards,
Salvatore
--- End Message ---

--- Begin Message ---

To: 852603-close@bugs.debian.org
Subject: Bug#852603: fixed in virglrenderer 0.6.0-1
From: Mateusz Łukasik <mati75@linuxmint.pl>
Date: Mon, 21 Aug 2017 20:56:21 +0000
Message-id: <E1djtkD-0001aN-8o@fasolo.debian.org>

Source: virglrenderer
Source-Version: 0.6.0-1

We believe that the bug you reported is fixed in the latest version of
virglrenderer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 852603@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mateusz Łukasik <mati75@linuxmint.pl> (supplier of updated virglrenderer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 21 Aug 2017 20:16:15 +0200
Source: virglrenderer
Binary: libvirglrenderer0 libvirglrenderer-dev
Architecture: source
Version: 0.6.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Mateusz Łukasik <mati75@linuxmint.pl>
Description:
 libvirglrenderer-dev - virtual GPU for KVM virtualization - headers
 libvirglrenderer0 - virtual GPU for KVM virtualization
Closes: 852603
Changes:
 virglrenderer (0.6.0-1) unstable; urgency=medium
 .
   * QA upload.
   * New upstream release. (Closes: #852603 #852604 #858255 #854728)
   * debian/control:
     - Bump Standards-Version to 4.0.1.
     - Bump dh version to 10.
     - Drop from B-D dh-autoreconf, autotools-dev, dpkg-dev no longer needed.
     - Update homepage.
     - Use secured VCS links.
Checksums-Sha1:
 4a30b7d12d2fa31c2f7ec0c9448bf751f2265070 1724 virglrenderer_0.6.0-1.dsc
 3f48d665e8776a45f7f6ffa851e960e6761d872a 545211 virglrenderer_0.6.0.orig.tar.bz2
 735df2ee0df169df7501ff4206f10ef8ceddf049 3720 virglrenderer_0.6.0-1.debian.tar.xz
 46d898b6a41a1307f79d19431d96404f5d407d44 5631 virglrenderer_0.6.0-1_source.buildinfo
Checksums-Sha256:
 c2b31b531a18d0567d31c14893e03a32af8a9b28a18c0b05929541b3013c18f2 1724 virglrenderer_0.6.0-1.dsc
 a549e351e0eb2ad1df471386ddcf85f522e7202808d1616ee9ff894209066e1a 545211 virglrenderer_0.6.0.orig.tar.bz2
 5ee27609f694b6c0d6f475b8661175314d1793120987aaf45b26b8d0b22e8ccc 3720 virglrenderer_0.6.0-1.debian.tar.xz
 0d0efc97f5d0ddeb53bef0668fe5c95959d0d6337f235c4929fb00b0726a4fdb 5631 virglrenderer_0.6.0-1_source.buildinfo
Files:
 9d795cdc42af6eb51313f0a7e566533b 1724 libs extra virglrenderer_0.6.0-1.dsc
 3afe7895e87a32cda9789ea34298253a 545211 libs extra virglrenderer_0.6.0.orig.tar.bz2
 f693cfcc253aac3471696e4d5167eea1 3720 libs extra virglrenderer_0.6.0-1.debian.tar.xz
 c2774df6a9a54d415bf64f8dc6265e96 5631 libs extra virglrenderer_0.6.0-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE/Zzi2Nd1S3irJ5u9LDtDb+rGgQEFAlmbN0AACgkQLDtDb+rG
gQF29Af/fHriu5e3VDC8BxzOGYD0ZXCUw4K7UQ+oam2IJFLCeyOc+0M96qKIhMHT
vXYF5rSeIoMvkQq1FAUP2Y/hDts+/RzQewO2rJsU9dovImwKe3GkcilDwNO9xttU
j3b4y/ZSct2cQM/FElJJqwt5yb1sdRu31LFn0nVpeFdMBh+d5LlQ2qQ92YiV4+xy
tU6ylJ7rY6CEKBNAGGqce8NoEEg9AK4mAPhXfP3CYgH+3tSQxt3bnb2j8rxM0lAA
mX9nMKP17zgu8xMBmRLu4paKqmvNJXjG3QWqm0ciACHpYa6d+8aLFPWDsN/0f6ul
lsUQbZzGZeCSE8zHEFU/Ku7xTOXvfg==
=GLC9
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#865576: marked as done (guilt FTBFS with git 2.13.1: test failures)
Next by Date: virglrenderer_0.6.0-1_source.changes ACCEPTED into unstable
Previous by thread: Bug#865576: marked as done (guilt FTBFS with git 2.13.1: test failures)
Next by thread: virglrenderer_0.6.0-1_source.changes ACCEPTED into unstable
Index(es):
- Date
- Thread