UbuntuUpdates.org

Package "mesa"

Name: mesa

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • state-tracker for Direct3D9
  • state-tracker for Direct3D9 -- development files
  • free implementation of the EGL API -- Mesa vendor library
  • free implementation of the EGL API -- development files
Latest version: 23.2.1-1ubuntu3.1~22.04.4
Release: jammy (22.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "mesa" in Jammy

Repository Area Version
base universe 22.0.1-1ubuntu2
base main 22.0.1-1ubuntu2
security universe 23.2.1-1ubuntu3.1~22.04.4
updates main 23.2.1-1ubuntu3.1~22.04.3
updates universe 23.2.1-1ubuntu3.1~22.04.3
PPA: Intel Linux Graphics 9.0.1-0ubuntu1~quantal

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 23.2.1-1ubuntu3.1~22.04.4 2026-06-15 14:07:42 UTC

  mesa (23.2.1-1ubuntu3.1~22.04.4) jammy-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds memory access in WebGPU
    - debian/patches/CVE-2026-40393-pre1.patch: Use STACK_ARRAY instead of
      NIR_VLA in src/compiler/spirv/spirv_to_nir.c.
    - debian/patches/CVE-2026-40393-pre2.patch: move STACK_ARRAY into util
      in src/util/meson.build, src/util/stack_array.h,
      src/vulkan/util/vk_util.h.
    - debian/patches/CVE-2026-40393-1.patch: use STACK_ARRAY instead of
      NIR_VLA in src/compiler/spirv/spirv_to_nir.c.
    - debian/patches/CVE-2026-40393-2.patch: use STACK_ARRAY instead of
      NIR_VLA in src/compiler/nir/nir_inline_functions.c.
    - CVE-2026-40393

 -- Marc Deslauriers <email address hidden> Wed, 13 May 2026 08:54:07 +0200
CVE-2026-40393 In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an


About   -   Send Feedback to @ubuntu_updates