Your message dated Fri, 06 Jan 2017 21:17:39 +0000 with message-id <e1cpbtl-0002jz...@fasolo.debian.org> and subject line Bug#846331: fixed in nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1 has caused the Debian Bug report #846331, regarding nvidia-graphics-drivers: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 846331: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846331 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nvidia-graphics-drivers Severity: serious Tags: security upstream Control: clone -1 -2 -3 Control: reassign -2 nvidia-graphics-drivers-legacy-340xx Control: reassign -3 nvidia-graphics-drivers-legacy-304xx Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability Control: retitle -3 nvidia-graphics-drivers-legacy-304xx: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability Control: close -1 367.57-1 Control: close -2 340.98-1 Control: close -3 304.132-1 http://nvidia.custhelp.com/app/answers/detail/a_id/4246 CVE-2016-7382 NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvidia.ko) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges. CVE-2016-7389 NVIDIA GPU Display Driver on Linux contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges. Fixed versions: R370 370.28 R367 367.55 R340 340.98 R304 304.132 Andreas
--- End Message ---
--- Begin Message ---Source: nvidia-graphics-drivers-legacy-304xx Source-Version: 304.134-0~deb8u1 We believe that the bug you reported is fixed in the latest version of nvidia-graphics-drivers-legacy-304xx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 846...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers-legacy-304xx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 03 Jan 2017 10:05:35 +0100 Source: nvidia-graphics-drivers-legacy-304xx Binary: nvidia-legacy-304xx-driver xserver-xorg-video-nvidia-legacy-304xx libgl1-nvidia-legacy-304xx-glx libgl1-nvidia-legacy-304xx-glx-i386 nvidia-legacy-304xx-alternative nvidia-legacy-304xx-kernel-dkms nvidia-legacy-304xx-kernel-source Architecture: source Version: 304.134-0~deb8u1 Distribution: jessie Urgency: medium Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org> Changed-By: Andreas Beckmann <a...@debian.org> Description: libgl1-nvidia-legacy-304xx-glx - NVIDIA binary OpenGL/GLX libraries${nvidia:LegacyDesc} libgl1-nvidia-legacy-304xx-glx-i386 - NVIDIA binary OpenGL/GLX 32-bit libraries${nvidia:LegacyDesc} nvidia-legacy-304xx-alternative - allows the selection of NVIDIA as GLX provider${nvidia:LegacyDesc nvidia-legacy-304xx-driver - NVIDIA metapackage${nvidia:LegacyDesc} nvidia-legacy-304xx-kernel-dkms - NVIDIA binary kernel module DKMS source${nvidia:LegacyDesc} nvidia-legacy-304xx-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc} xserver-xorg-video-nvidia-legacy-304xx - NVIDIA binary Xorg driver${nvidia:LegacyDesc} Closes: 805554 809324 845639 846331 848195 Changes: nvidia-graphics-drivers-legacy-304xx (304.134-0~deb8u1) jessie; urgency=medium . * New upstream legacy 304xx branch release 304.134 (2016-12-14). * Fixed CVE-2016-8826. (Closes: #848195) - Added support for X.Org xserver ABI 23 (xorg-server 1.19) * Improved compatibility with recent Linux kernels. * New upstream legacy 304xx branch release 304.132 (2016-09-26). * Fixed CVE-2016-7382, CVE-2016-7389. (Closes: #846331) - Added /var/log/dmesg to the list of paths which are searched by nvidia-bug-report.sh for kernel messages. - Fixed a bug that caused kernel panics when using the NVIDIA driver on v4.5 and newer Linux kernels built with CONFIG_DEBUG_VM_PGFLAGS. * Improved compatibility with recent Linux kernels. . [ Andreas Beckmann ] * Synchronize packaging with nvidia-graphics-drivers-legacy-304xx 304.134-1: * Synchronize packaging with nvidia-graphics-drivers-legacy-340xx 340.101-1: * Synchronize packaging with nvidia-graphics-drivers 370.28-2: - Overhaul package descriptions. * Synchronize packaging with nvidia-graphics-drivers-legacy-304xx 304.132-1: * Synchronize packaging with nvidia-graphics-drivers-legacy-340xx 340.98-1: * Synchronize packaging with nvidia-graphics-drivers 358.16-1: - get-orig-source: Generate .orig-$ARCH.tar.gz for each architecture. * Synchronize packaging with nvidia-graphics-drivers-legacy-304xx 304.131-4: * Synchronize kernel module build with nvidia-graphics-drivers: - Simplify maintaining the module build process. - Use NVIDIA's conftest.sh script to determine settings during module build instead of our manually maintained conftest.h header. - Hand over as much as possible to Kbuild. - Support building a 64-bit kernel module with 32-bit userspace. * Synchronize get-orig-source target with nvidia-graphics-drivers. * Synchronize bug-control, bug-script target with nvidia-graphics-drivers. * Synchronize packaging with nvidia-graphics-drivers-legacy-340xx 340.96-4: * Synchronize packaging with nvidia-graphics-drivers 352.79-6: - Stop special-casing the nvidia-alternative substitution. - Add B-D: dpkg-dev (>= 1.17.0) for dpkg-parsechangelog --show-field. - Bump Standards-Version to 3.9.8. No changes needed. * Synchronize packaging with nvidia-graphics-drivers-legacy-340xx 340.96-3: * Synchronize packaging with nvidia-graphics-drivers 352.79-5: - Drop incomplete Perfkit support. - Support building a 64-bit kernel module with 32-bit userspace. * Synchronize packaging with nvidia-graphics-drivers 352.79-4: - nvidia-legacy-304xx-kernel-source: Switch to debhelper compat level 9. - rules: Drop support for ancient .run layout. - debian/bug-control.mk: New script to generate bug-control. * Synchronize packaging with nvidia-graphics-drivers 352.79-3: - rules, rules.defs: Synchronize variable naming with unstable. * Synchronize packaging with nvidia-graphics-drivers-legacy-304xx 304.131-3: - Add disable-mtrr.patch to disable MTRR in the kernel module if building on 4.3 or greater, where the deprecated APIs the kernel module uses are no longer exported, causing a failure when the module is loaded at runtime. (Closes: #809324) * Drop some packaging bits needed for 340.xx and newer drivers only. * Depend on a setuid root Xserver. (Closes: #805554) * Add xorg-video-abi-23 as alternative dependency. (Closes: #845639) * nvidia-legacy-304xx-alternative: Restrict Depends: glx-alternative-nvidia to (<< 0.7). Uploading a new upstream legacy release to stable will invalidate package relationships in unstable, thus permitting some (partial) upgrade paths that will fail. * Update lintian overrides. Checksums-Sha1: 3c6d9ec7c5d2ea8056a80ebdf556b9f2155e8c75 3827 nvidia-graphics-drivers-legacy-304xx_304.134-0~deb8u1.dsc adea665b026fda3135a5fa23245924a050bab053 67614464 nvidia-graphics-drivers-legacy-304xx_304.134.orig-amd64.tar.gz 15bd954d68db59763e65100b9ba1e1f6fcc75620 39891101 nvidia-graphics-drivers-legacy-304xx_304.134.orig-i386.tar.gz 4bd3bdd206b8e411c3ee835e0df0695f62b6239b 137 nvidia-graphics-drivers-legacy-304xx_304.134.orig.tar.gz 752fb3ac48d402e91c215407ffad3d761e200f1e 85136 nvidia-graphics-drivers-legacy-304xx_304.134-0~deb8u1.debian.tar.xz Checksums-Sha256: 65df0ec7831cb9558eda447ee493ce5730acc5eb34f12c323046f24493c0a84b 3827 nvidia-graphics-drivers-legacy-304xx_304.134-0~deb8u1.dsc 9fda36cb4f460757a6f7f6a4b9cb425e50e02e35d07723d8f4824f3c51bfd961 67614464 nvidia-graphics-drivers-legacy-304xx_304.134.orig-amd64.tar.gz d76e001dc01b406cc8c2e221414cfcbf09bc6346c06863a730c563fa88acdb14 39891101 nvidia-graphics-drivers-legacy-304xx_304.134.orig-i386.tar.gz 397511d2eb92c2f42a79bf28fa4daa2fd06de8f28e854723351fec9d53bc49ef 137 nvidia-graphics-drivers-legacy-304xx_304.134.orig.tar.gz 353390d798d3df1f8bb1f65bc5ddee78c4d6f705c583f3207f22544067a6fc98 85136 nvidia-graphics-drivers-legacy-304xx_304.134-0~deb8u1.debian.tar.xz Files: 22933efff249a7dfa9685f6a90d6fa30 3827 non-free/libs optional nvidia-graphics-drivers-legacy-304xx_304.134-0~deb8u1.dsc 4b2d322aa7d244753bcbd23ec840c3fc 67614464 non-free/libs optional nvidia-graphics-drivers-legacy-304xx_304.134.orig-amd64.tar.gz bebd07120c082bd62ba50b55229490ea 39891101 non-free/libs optional nvidia-graphics-drivers-legacy-304xx_304.134.orig-i386.tar.gz 06b8fd1e166c4fd49a1884d63be45216 137 non-free/libs optional nvidia-graphics-drivers-legacy-304xx_304.134.orig.tar.gz 0cd5932f45ca6e1b16654c218002d348 85136 non-free/libs optional nvidia-graphics-drivers-legacy-304xx_304.134-0~deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYa339AAoJEF+zP5NZ6e0IgjgQAI6vEdzKHIR2TZOTMB6AMVsb 5yGZncImCO3d8EUq93dE5Z19psvUjNCfalN760joU7lXZwT24p5/GoRj7KvDql7r yzyIuy6j540ruswHNpfaUJlbLmyMr25VrJd8yayDYErXhei9HWYMMa5t77zKmCXK g9vsGjqDCrUVIBql+JtiMryOzEN8DGILwkggU8jxaxNuQyev1d0pWQGgObykD/3s 3kd/PQRbufvOlxaZz3oz0H38Whiz86rMuLZNYabbHSfdgq4kuRdpo6O6HmKZ8Uhz iReat1CQOypLr62vczGiGOHBd6rSynBmnFDw/dAivnNqmJ8dgoQ4OIy1J6KggASw Iwn4EmqczF0wAbnkx6iwp7si0wjCxnyWf9yndu+F5TS/QncewmZ8sNeqmUhQHJYh YmdQ8t6Skl+DC6fIVzNhnYI9wjgShWm0iFbZOgf83HTECVYaBvqFHSZw6Tl2e+iE TXs67f/i054gUwrRBjNMwN+7k1gDTTAKGcX2JasQkZJqyVhsDdUwcYQSRKWeRXaP ZyNzdlZcqgLOSPoiV5lpCPl8CKgisLyP6qGzqHDcynXnHOyqrZKMwIn7vDC+C3B9 SsYpN6p/zGXfFtG+Gtb4Ln/nelVHLx1xXYWhbObsIqoT/OyeCXrH1Mxkb+/DQKH+ Dxfysp3+AtrHpESYF+pw =FrlA -----END PGP SIGNATURE-----
--- End Message ---
