On Tuesday, 2026-03-03 08:57:36 -0300, Camila Camargo de Matos wrote:
> Hello, Eric and Mesa team.
> 
> On 2/27/26 19:45, Eric Engestrom wrote:
> > That's correct. I guess I was hoping that rather than backporting
> > a handful of commits, packagers would all update to the last release cycle
> > (or the one before that), but yes, the two commits in that MR are the fix
> > for that particular issue :)
> Thank you very much for the quick response and confirmation of the fixing
> commits!
> 
> Considering that this fix is addressing a relevant security issue, which was
> reported as being "[...] rather pressing due to the WebGPU exposure in
> modern web browsers", has the Mesa team considered the possibility of
> assigning a CVE ID for the issue?
> 
> I ask, because we want to ensure this can be properly tracked. If you think
> that a CVE is warranted in this case, we, the SUSE Security team*, *can make
> the request to save you the overhead.

Hi Camila,

Thank you for offering!  The team who discovered and reported the issue is not
yet able to go through the CVE process, so we would love to take you up on
your offer to do it for us.

Cheers,
  Eric

Reply via email to