| Summary: | <media-libs/mesa-{9.0.3,9.1}: Heap-buffer overflow in glGetUniform* (CVE-2012-5129) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | x11 |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=883243 | | |
| Whiteboard: | A3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-12-04 12:28:59 UTC
Fixed since 9.0.3/9.1. Do we want to stable 9.0.3, or just cleanup?

mesa-9.0.3 is affected by CVE-2013-1993, so there is little point in stabilizing that. If/when upstream releases 9.0.4 with that fixed we will consider for stabilization.

Well, we still have vulnerable stuff in tree. I don't suppose we can remove 9.0.*?

CVE-2013-1993 is fixed in upstream's 9.0 branch, but no release was made from that branch since then. As some users still depend on old mesa, p.masking affected versions is probably better.

Vulnerable versions no longer in tree

No stabilization as per comments, 9.1.6 is stable. Added to existing GLSA draft.

Maintainer(s), Thank you for your work! Vulnerable versions have been p.masked.

This issue was resolved and addressed in GLSA 201404-06 at http://security.gentoo.org/glsa/glsa-201404-06.xml by GLSA coordinator Mikle Kolyada (Zlogene).