Register | Log in

virglrenderer

Choose email to subscribe with

general

source: virglrenderer (main)
version: 0.10.3-2
maintainer: Gert Wollny (DMD)
arch: any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.7.0-2
stable: 0.8.2-5
testing: 0.10.3-2
unstable: 0.10.3-2

versioned links

0.7.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.2-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.10.3-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libvirglrenderer-dev
libvirglrenderer1
virgl-server

action needed

7 security issues in buster high

There are 7 open security issues in buster.

1 important issue:

CVE-2022-0135: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

6 issues postponed or untriaged:

CVE-2020-8002: (needs triaging) A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).
CVE-2020-8003: (needs triaging) A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.
CVE-2019-18388: (needs triaging) A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.
CVE-2019-18389: (needs triaging) A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.
CVE-2019-18390: (needs triaging) An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.
CVE-2019-18391: (needs triaging) A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

Created: 2022-07-04 Last update: 2022-10-26 06:31

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2022-09-19 Last update: 2022-12-01 15:36

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-10-21 Last update: 2022-10-21 10:35

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2022-0135: (needs triaging) An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

You can find information about how to handle this issue in the security team's documentation.

Created: 2022-07-04 Last update: 2022-10-26 06:31

news

[2022-10-26] virglrenderer 0.10.3-2 MIGRATED to testing (Debian testing watch)
[2022-10-20] Accepted virglrenderer 0.10.3-2 (source) into unstable (Michael Tokarev)
[2022-10-20] Accepted virglrenderer 0.10.3-1.1 (source) into unstable (Michael Tokarev)
[2022-09-22] Accepted virglrenderer 0.10.3-1 (source) into unstable (Gert Wollny)
[2022-09-11] virglrenderer 0.10.1-1 MIGRATED to testing (Debian testing watch)
[2022-09-06] Accepted virglrenderer 0.10.1-1 (source) into unstable (Gert Wollny)
[2022-09-04] Accepted virglrenderer 0.10.0-1 (source) into unstable (Gert Wollny)
[2021-04-20] Accepted virglrenderer 0.9.1-1~exp1 (source) into experimental (Gert Wollny)
[2021-04-06] Accepted virglrenderer 0.9.0-1~exp1 (source) into experimental (Gert Wollny)
[2020-12-12] virglrenderer 0.8.2-5 MIGRATED to testing (Debian testing watch)
[2020-12-07] Accepted virglrenderer 0.8.2-5 (source) into unstable (Gert Wollny)
[2020-08-03] virglrenderer 0.8.2-4 MIGRATED to testing (Debian testing watch)
[2020-07-28] Accepted virglrenderer 0.8.2-4 (source) into unstable (Gert Wollny)
[2020-07-18] virglrenderer 0.8.2-3 MIGRATED to testing (Debian testing watch)
[2020-07-12] Accepted virglrenderer 0.8.2-3 (source) into unstable (Gert Wollny)
[2020-05-01] virglrenderer 0.8.2-2 MIGRATED to testing (Debian testing watch)
[2020-04-26] Accepted virglrenderer 0.8.2-2 (source) into unstable (Gert Wollny)
[2020-04-25] Accepted virglrenderer 0.8.2-2~exp1 (source) into experimental (Gert Wollny)
[2020-02-18] virglrenderer 0.8.2-1 MIGRATED to testing (Debian testing watch)
[2020-02-12] Accepted virglrenderer 0.8.2-1 (source) into unstable (Gert Wollny)
[2020-01-19] virglrenderer 0.8.1-6 MIGRATED to testing (Debian testing watch)
[2020-01-13] Accepted virglrenderer 0.8.1-6 (source) into unstable (Gert Wollny)
[2020-01-13] Accepted virglrenderer 0.8.1-5 (source) into unstable (Gert Wollny)
[2020-01-11] Accepted virglrenderer 0.8.1-4 (source) into unstable (Gert Wollny)
[2020-01-10] Accepted virglrenderer 0.8.1-3 (source) into unstable (Gert Wollny)
[2020-01-09] Accepted virglrenderer 0.8.1-2 (source) into unstable (Gert Wollny)
[2019-12-20] Accepted virglrenderer 0.8.1-1 (source) into unstable (Gert Wollny)
[2019-10-28] virglrenderer 0.8.0-2 MIGRATED to testing (Debian testing watch)
[2019-10-23] Accepted virglrenderer 0.8.0-2 (source) into unstable (Gert Wollny)
[2019-09-29] virglrenderer 0.8.0-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 4)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.9.1-1~exp1ubuntu2
2 bugs
patches for 0.9.1-1~exp1ubuntu2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing