-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 07 Dec 2022 17:13:46 +0100 Source: virglrenderer Architecture: source Version: 0.7.0-2+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Gert Wollny <gewo@debian.org> Changed-By: Tobias Frost <tobi@debian.org> Closes: 946942 949954 1009073 Changes: virglrenderer (0.7.0-2+deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * Cherry-picking upstream fixes for: - CVE-2019-18388, CVE-2019-18390 - CVE-2019-18389, CVE-2019-18391 (Closes: #946942) - CVE-2020-8002, CVE-2020-8003 (Closes: #949954) - CVE-2022-0135 (Closes: #1009073) - Cherry-pick commit that avoid crash if illegal resource is provided. (Upstream issue #143) * Update test suite with changes needed by the CVE patches. * Add test_fuzzer_formats targeting above CVEs. * Enable test suite in d/rules, but ignore result (as the test needs to use OpenGL, this might not be available on the buildds.) Checksums-Sha1: e3a91d9ceb9a8cbfc687eb30223a7c33a74e4e60 2081 virglrenderer_0.7.0-2+deb10u1.dsc 31d4545facb7e884aca929408632749b65a99416 590102 virglrenderer_0.7.0.orig.tar.bz2 f91a229f1dff1b9534c819a705e6cf89355a6949 13444 virglrenderer_0.7.0-2+deb10u1.debian.tar.xz e6136c61a0ea19b6c481db73beb655b1add28c7a 9525 virglrenderer_0.7.0-2+deb10u1_amd64.buildinfo Checksums-Sha256: ad31ad9f68f38d32e22beafa5b6c5acf482ae9107685fd7f5b9ad9b69933d5d2 2081 virglrenderer_0.7.0-2+deb10u1.dsc 15ec0290ca0a2d175d6e5dc695938640c53d2c020e0c0f8a781045d3c27b2a10 590102 virglrenderer_0.7.0.orig.tar.bz2 3daf2f2776213748f2f61cf3d172db607440b738721e322eb5d75d87a1e770d5 13444 virglrenderer_0.7.0-2+deb10u1.debian.tar.xz 0745855e7cd2f22ef6babba4498830ce2fde584bfc020bd4e285ec77ec35677c 9525 virglrenderer_0.7.0-2+deb10u1_amd64.buildinfo Files: c5a02d756c3d152ffd1ec845062df620 2081 libs optional virglrenderer_0.7.0-2+deb10u1.dsc f46ff65025c869c0ae86ba337cc699c2 590102 libs optional virglrenderer_0.7.0.orig.tar.bz2 5b290142711b3ab1440e96544d198c0e 13444 libs optional virglrenderer_0.7.0-2+deb10u1.debian.tar.xz 79a14d6d0e1b9f195b30b09993e93154 9525 libs optional virglrenderer_0.7.0-2+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmOQvPoACgkQkWT6HRe9 XTa9YA/+M4GhUqWVNGQDjcwD2fqek+VOIK5KeyIU6KMfZa/VBJBulSltGpoibzNl qo7Ku0B77N2CrsDtFkogf/FE7m1OWiDl3VocbQ0R6jHB65xfrP6RWyyFkxHcGtiA OBtcHFo1kYp6qf+9KwqLYAMoTdu8wvkPZHDuVmSGo6BkLqFuvD45KwDvOdQuxB8c Jfj/TXmWyiBX+ffmiqui27TQtJaapFzkyqUDBbc9YnFSFD+302SmMKLy1BkiNwr4 NvUU0ioX6nQnsV9d0o4JpIIU+LlkaAVyjyBvj/PESrLJNiXpni19RlYMiqQ+4xDs DytAq/Gfe4avXDCjdFg+K1FlXYXkovAr8aFnH5kRcPVbBiTAMxppGHICLVGWpRhU TuKLy9Onz254lxcL37ch7LLVbBuW54rajY3ES2r2qrtb5sucMezrM61xNYaIN543 bp3qXAUBWZxqqtF+lwPnqYrFIBZxhYuH4YPkp8q9bgJb8QBi4DFGQPU5Gyef8A1R 2vY/CgprhARLwLf1FL33PmIL/ITUQyu4x2n0zgxAbfeOLSJVk97gNiceZhPACvo3 t1buOAc4EoFMasNEiejX3jy5x8FZ+QhlD4ZRJuYLw8C8bGa4/fXw8/BGmuj20plB j/SUSZNMVNcGzAj9oyu/FVSa+iwJyWQWFoT7FLkATkqUrRTPF38= =1tPC -----END PGP SIGNATURE-----