[Bug 1046933] Re: glsl/linker: array buffer overrun [CVE-2012-2864]
Steve Beattie
sbeattie at ubuntu.com
Tue Sep 11 17:41:42 UTC 2012
Looks like Didier incorporated this patch into his
mesa_9.0~git20120903.e1673d20.is.git20120821.c1114c61-0ubuntu1 upload,
closing this bug.
Thanks!
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2864
** Changed in: mesa (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1046933
Title:
glsl/linker: array buffer overrun [CVE-2012-2864]
Status in “mesa” package in Ubuntu:
Fix Released
Bug description:
Mesa allows remote attackers to possibly execute arbitrary code due to
a samplers array overflow in the glsl/linker.
References:
http://googlechromereleases.blogspot.com/2012/08/stable-channel-update-for-chrome-os.html
http://www.mail-archive.com/mesa-dev@lists.freedesktop.org/msg25207.html
Upstream commit:
http://cgit.freedesktop.org/mesa/mesa/commit/src/glsl/link_uniforms.cpp?id=ff996cafce511dd8a6c4e066e409c23e147a670c
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mesa/+bug/1046933/+subscriptions
More information about the Ubuntu-sponsors
mailing list