Your message dated Wed, 21 Jul 2021 16:49:01 +0000 with message-id <e1m6fp3-00085q...@fasolo.debian.org> and subject line Bug#991353: fixed in nvidia-graphics-drivers-legacy-390xx 390.144-1 has caused the Debian Bug report #991353, regarding nvidia-graphics-drivers-legacy-390xx: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 991353: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991353 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nvidia-graphics-drivers Severity: serious Tags: security upstream Control: clone -1 -2 -3 -4 -5 -6 -7 Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6 Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095 Control: tag -2 + wontfix Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4 Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095 Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1 Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095 Control: reassign -5 src:nvidia-graphics-drivers-tesla-440 440.64.00-1 Control: retitle -5 nvidia-graphics-drivers-tesla-440: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095 Control: tag -5 + wontfix Control: reassign -6 src:nvidia-graphics-drivers-tesla-450 450.51.05-1 Control: retitle -6 nvidia-graphics-drivers-tesla-450: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095 Control: reassign -7 src:nvidia-graphics-drivers-tesla-460 460.32.03-1 Control: retitle -7 nvidia-graphics-drivers-tesla-460: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095 Control: found -1 340.24-1 Control: found -1 343.22-1 Control: found -1 396.18-1 Control: found -1 430.14-1 Control: found -1 450.51-1 Control: found -1 455.23.04-1 Control: found -1 465.24.02-1 https://nvidia.custhelp.com/app/answers/detail/a_id/5211 CVE‑2021‑1093 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash. CVE‑2021‑1094 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure. CVE‑2021‑1095 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service. Driver Branch CVE IDs Addressed R470, R460, R450, R418, R390 CVE‑2021‑1093, CVE‑2021‑1094, CVE‑2021‑1095 Andreas
--- End Message ---
--- Begin Message ---Source: nvidia-graphics-drivers-legacy-390xx Source-Version: 390.144-1 Done: Andreas Beckmann <a...@debian.org> We believe that the bug you reported is fixed in the latest version of nvidia-graphics-drivers-legacy-390xx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 991...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers-legacy-390xx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 21 Jul 2021 18:15:32 +0200 Source: nvidia-graphics-drivers-legacy-390xx Architecture: source Version: 390.144-1 Distribution: unstable Urgency: medium Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org> Changed-By: Andreas Beckmann <a...@debian.org> Closes: 989885 991353 Changes: nvidia-graphics-drivers-legacy-390xx (390.144-1) unstable; urgency=medium . * New upstream legacy branch release 390.144 (2021-07-20). * Fixed CVE-2021-1093, CVE-2021-1094, CVE-2021-1095. (Closes: #991353) https://nvidia.custhelp.com/app/answers/detail/a_id/5211 - Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the nvidia_icd.json file to be installed in the wrong location. . [ Andreas Beckmann ] * Refresh patches. * nvidia-legacy-390xx-driver-libs: Add Recommends: libnvidia-encode1 (470.42.01-1). (Closes: #989885) * debian/gen-control.pl: Support substitutions in the Vcs-Git field (470.57.02-1). * Compute and substitute the Git branch instead of hardcoding it (470.57.02-1). Checksums-Sha1: e7c5293ff099bd17a4e2e546096bb6a15bfd092f 7598 nvidia-graphics-drivers-legacy-390xx_390.144-1.dsc 8e5378c8ba77c77cfdb09bd08c9ca184a0404ecd 84965827 nvidia-graphics-drivers-legacy-390xx_390.144.orig-amd64.tar.gz 8b18262058cdac5fe52621db2ce8134c39b7a888 30092440 nvidia-graphics-drivers-legacy-390xx_390.144.orig-armhf.tar.gz 178198f0ea69f18dd1053e9bee3dbffdb1ffb295 49171898 nvidia-graphics-drivers-legacy-390xx_390.144.orig-i386.tar.gz 3f836f33d6b23ee99b86f4bf346f54557238b1f5 138 nvidia-graphics-drivers-legacy-390xx_390.144.orig.tar.gz 9624cef28731e8b669f4d8d0097fa9ed8591096c 175896 nvidia-graphics-drivers-legacy-390xx_390.144-1.debian.tar.xz 60a00460fdc9245162f60f7f94a95cf41b0362c6 7893 nvidia-graphics-drivers-legacy-390xx_390.144-1_source.buildinfo Checksums-Sha256: 37c56d7cde9bab943f59dd93a5557b3d11c0577001d1a9cd950f17c554a05652 7598 nvidia-graphics-drivers-legacy-390xx_390.144-1.dsc 5aefc4a52a251107aced4f308123ed5b41d231e8e75110c45e83edff40acc220 84965827 nvidia-graphics-drivers-legacy-390xx_390.144.orig-amd64.tar.gz c93672634d10128503ecc2f77241359fd9fa88c37d3e0e5dffc5cc37acd608fd 30092440 nvidia-graphics-drivers-legacy-390xx_390.144.orig-armhf.tar.gz 440af47b18863ffaf80eb7b258c9fbe9da03a19e4b02ea0f986ed657bdf5bd13 49171898 nvidia-graphics-drivers-legacy-390xx_390.144.orig-i386.tar.gz d2c4228b841f02a02b4859eb0a29f03b617098ae9b7c3c0bc80b5b5f4ca91580 138 nvidia-graphics-drivers-legacy-390xx_390.144.orig.tar.gz f0c69781c3a4a2a919d25c2a6c141fff0a259a46c4413f400fc65707c1b4e9b6 175896 nvidia-graphics-drivers-legacy-390xx_390.144-1.debian.tar.xz dc14f2a1d7c0ea5be29baf7e49f559d3313265e0793a01f57a53b180fc195f9c 7893 nvidia-graphics-drivers-legacy-390xx_390.144-1_source.buildinfo Files: 607ea843b49bda2ae8d24aaba3038eea 7598 non-free/libs optional nvidia-graphics-drivers-legacy-390xx_390.144-1.dsc 84e94bb93887c3009d10969fcc930cef 84965827 non-free/libs optional nvidia-graphics-drivers-legacy-390xx_390.144.orig-amd64.tar.gz ecf0cd7cede042ffa57dfd31b2f7935e 30092440 non-free/libs optional nvidia-graphics-drivers-legacy-390xx_390.144.orig-armhf.tar.gz da3fcfe953ec9d61db25ea9ef232bb64 49171898 non-free/libs optional nvidia-graphics-drivers-legacy-390xx_390.144.orig-i386.tar.gz 8efe4ba7b0605eb592fb0b7ba58043c4 138 non-free/libs optional nvidia-graphics-drivers-legacy-390xx_390.144.orig.tar.gz e97834e98793005ebc80b7207b80ef1c 175896 non-free/libs optional nvidia-graphics-drivers-legacy-390xx_390.144-1.debian.tar.xz 9d00ff87915bc5779d5dfdcf02242729 7893 non-free/libs optional nvidia-graphics-drivers-legacy-390xx_390.144-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmD4SmkQHGFuYmVAZGVi aWFuLm9yZwAKCRBfsz+TWentCIB4D/4my6teZsHWTJ5SfJdkMZQmDYLWyn9TK5Ps DaCvIqusMxkDNFAVtmwH4nmJ2tYmeKi6gcphFuUiYE3Nnqi0d30XpwQzjdxt7ZBt qoxPBqJPkRMzHS1YI0/88c4ppkRW4k+vq42Vo0q3pDdK/VjkM8x+OVePtroLpQSU eHdhhW3sZHDFqNxi9jXblPrhEhwNhL7zLTk5PK3TESOUIjspMOnyxSi5hHVsFN4o BLZaytSfqRSrGd1Vw8uj444FUZMitkCxi01zTWnrGBjaNyxckiPbA47tZljxtMCe Yxw0yMbfJT76CM7yl8hKph1tWjwRq0O3cf2KAoY1WpYQLACNZeJ5b+wZEPEOTs/Y mPRer/kWd7HOtT2ANu/MidmffNYp3BkRjqVfi/LbmQC0Akn3yQHBCZMKjzrG/wE4 NpexhXxSuvmK0LoF5KVm+pfZmWMKXHUwooe5AUk+Dd9a/uGV/SmKNME0QZfRQ1yH Bq3hJoAAWgSsOCHIZOvJFODofbKReXTIGKL61H1nufmWDQKUQI7YL96pNX9zPS+s yA98X10797gyPaPYOOfftvcyAVx2WUDzwPFO5Z8ZwBn9WFu3E73s3bRsTjVU88uV Y+KRsO6s9t9BU1tI9yH4gda2U5HnGr09ZrbmrpejaQaqI0eEhspY8Xb3+WkcFR3H i66lMYhp4Q== =INgi -----END PGP SIGNATURE-----
--- End Message ---
