From ${URL} :

Virgil 3d project, used by Quick Emulator (Qemu) to implement 3D GPU support for the virtio GPU, is vulnerable to a memory leakage issue. It could occur while in add_shader_program().

A guest user/process could use this flaw to leak host memory resulting in DoS.

Upstream patch:
---------------
  -> https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/02/24/5

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
commit 07f72dae992b1dd9a13489da0238edd6bd5f6337
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Wed May 3 00:55:44 2017 -0500

    media-libs/virglrenderer: version bump to 0.6.0

    This is a hand-packaged version of upstream commit
    737c3350850ca4dbc5633b3bdb4118176ce59920 (version 0.6.0 with two
    additional security patches) containing fixes for the following
    security issues:

      CVE-2016-10163, bug #606996
      CVE-2017-5580,  bug #607022
      CVE-2016-10214, bug #608734
      CVE-2017-5957,  bug #609400
      CVE-2017-5956,  bug #609402
      CVE-2017-5993,  bug #609492
      CVE-2017-5994,  bug #609494
      CVE-2017-6210,  bug #610678
      CVE-2017-6209,  bug #610680
      CVE-2017-6386,  bug #611378
      CVE-2017-6355,  bug #611380
      CVE-2017-6317,  bug #611382

    Package-Manager: Portage-2.3.5, Repoman-2.3.2
Arches, please stabilize =media-libs/virglrenderer-0.6.0 Target-keywords: "amd64 x86"
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Arches and Maintainer(s), Thank you for your work. Maintainer(s), please drop the vulnerable version(s).
commit 52fcce66174f326a1b1647b443f89dc7db39303c
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Thu May 4 20:06:58 2017 -0500

    media-libs/virglrenderer: drop vulnerable, bug #611382

    Package-Manager: Portage-2.3.5, Repoman-2.3.2
This issue was resolved and addressed in GLSA 201707-06 at https://security.gentoo.org/glsa/201707-06 by GLSA coordinator Thomas Deutschmann (whissi).