code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Joe Slater <joe.slater@windriver.com>
	Wed, 9 Feb 2022 23:36:50 +0000 (15:36 -0800)
committer	Anuj Mittal <anuj.mittal@intel.com>
	Tue, 22 Feb 2022 03:27:56 +0000 (11:27 +0800)
commit	2d1ed522def1386ce2810c4634a394774b42228c
tree	7b6f6f01c07932d0bd4fe93d15578cae7fde66a4	tree \| snapshot
parent	da54478dede3bc1b537d3e98c6ae2aaede33abe2	commit \| diff

virglrenderer: fix CVE-2022-0135 and -0175

CVE-2022-0135 concerns out-of-bounds writes in read_transfer_data().
CVE-2022-0175 concerns using malloc() instead of calloc().

We "cherry-pick" from upstream. The actual cherry-picks are from
upstream master to branch-0.9.1 and are the patches entered here.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91f7511df79c5c1f93add9f2827a5a266453614e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch	[new file with mode: 0644]	blob
meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch	[new file with mode: 0644]	blob
meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom