On 2026-02-26 at 13:41 UTC+01:00, Camila Camargo de Matos <[email protected]> wrote: > Hello Mesa developers, > > I am a Security engineer at SUSE and I am contacting you today to ask > more about the security fix for the for WebGPU out-of-bounds memory > access issue mentioned in the recent Mesa 26.0.1 release announcement. > > We are trying to identify the necessary commits that need to be > backported in order to patch our older version Mesa packages, and, after > some analysis, we consider the commits from the > https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/39866 MR as > being possible candidates. Would it be possible to confirm that these > are the changes addressing the reported WebGPU security issue?
That's correct. I guess I was hoping that rather than backporting a handful of commits, packagers would all update to the last release cycle (or the one before that), but yes, the two commits in that MR are the fix for that particular issue :) > If these > are not the commits that should be considered the fixes, would it be > possible to share which commits/MRs would allow us to fix the issue in > older releases of Mesa? > > Thanks in advance for any information you are able to provide! > > Regards, > > -- > Camila Camargo de Matos > Security Engineer @ SUSE Software Solutions > GPG: B9DF 0F03 0640 E780 6B47 E60E BF36 BDE9 D034 30D1 > > > Attachments: > * OpenPGP_signature.asc
