virglrenderer: CVE-2016-10163

Related Vulnerabilities: CVE-2016-10163  

Debian Bug report logs - #852603
virglrenderer: CVE-2016-10163


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 25 Jan 2017 14:54:02 UTC

Severity: grave

Tags: patch, security, upstream

Found in version virglrenderer/0.5.0-1

Fixed in version virglrenderer/0.6.0-1

Done: Mateusz Łukasik <mati75@linuxmint.pl>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#852603; Package src:virglrenderer. (Wed, 25 Jan 2017 14:54:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QA Group <packages@qa.debian.org>. (Wed, 25 Jan 2017 14:54:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: virglrenderer: CVE-2016-10163
Date: Wed, 25 Jan 2017 15:51:52 +0100
Source: virglrenderer
Version: 0.5.0-1
Severity: important
Tags: upstream security patch

Hi,

the following vulnerability was published for virglrenderer.

CVE-2016-10163[0]:
host memory leakage when creating decode context

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10163

Regards,
Salvatore



Severity set to 'grave' from 'important' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 25 Jan 2017 15:00:16 GMT).


Reply sent to Mateusz Łukasik <mati75@linuxmint.pl>:
You have taken responsibility. (Mon, 21 Aug 2017 20:57:11 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 21 Aug 2017 20:57:11 GMT).


Message #12 received at 852603-close@bugs.debian.org:

From: Mateusz Łukasik <mati75@linuxmint.pl>
To: 852603-close@bugs.debian.org
Subject: Bug#852603: fixed in virglrenderer 0.6.0-1
Date: Mon, 21 Aug 2017 20:56:21 +0000
Source: virglrenderer
Source-Version: 0.6.0-1

We believe that the bug you reported is fixed in the latest version of
virglrenderer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 852603@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mateusz Łukasik <mati75@linuxmint.pl> (supplier of updated virglrenderer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 21 Aug 2017 20:16:15 +0200
Source: virglrenderer
Binary: libvirglrenderer0 libvirglrenderer-dev
Architecture: source
Version: 0.6.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Mateusz Łukasik <mati75@linuxmint.pl>
Description:
 libvirglrenderer-dev - virtual GPU for KVM virtualization - headers
 libvirglrenderer0 - virtual GPU for KVM virtualization
Closes: 852603
Changes:
 virglrenderer (0.6.0-1) unstable; urgency=medium
 .
   * QA upload.
   * New upstream release. (Closes: #852603 #852604 #858255 #854728)
   * debian/control:
     - Bump Standards-Version to 4.0.1.
     - Bump dh version to 10.
     - Drop from B-D dh-autoreconf, autotools-dev, dpkg-dev no longer needed.
     - Update homepage.
     - Use secured VCS links.





Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#852603. (Tue, 22 Aug 2017 05:24:12 GMT).


Message #15 received at 852603-submitter@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: control@bugs.debian.org
Cc: 852603-submitter@bugs.debian.org, 852604-submitter@bugs.debian.org, 854728-submitter@bugs.debian.org, 858255-submitter@bugs.debian.org
Subject: closing 858255, closing 854728, closing 852604, closing 852603
Date: Tue, 22 Aug 2017 07:22:07 +0200
close 858255 0.6.0-1
close 854728 0.6.0-1
close 852604 0.6.0-1
close 852603 0.6.0-1
thanks




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Sep 2017 07:25:16 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:44:56 2019; Machine Name: beach
