Bug#1025279: marked as done (nvidia-graphics-drivers: CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264)

[Debian Bug Tracking System]

Your message dated Fri, 27 Jan 2023 18:11:32 +0000
with message-id <e1pltcg-00fc1s...@fasolo.debian.org>
and subject line Bug#1025279: fixed in nvidia-graphics-drivers-tesla 515.86.01-1
has caused the Debian Bug report #1025279,
regarding nvidia-graphics-drivers: CVE-2022-34670, CVE-2022-34674, 
CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, 
CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1025279: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025279
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: reassign -9 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -9 nvidia-graphics-drivers-tesla: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5415

CVE-2022-34670  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause truncation errors when casting a primitive to a
primitive of smaller size causes data to be lost in the conversion,
which may lead to denial of service or information disclosure.

CVE-2022-42263  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an Integer
overflow may lead to denial of service or information disclosure.

CVE-2022-34676  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an out-of-bounds
read may lead to denial of service, information disclosure, or data
tampering.

CVE-2022-42264  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause the use of an out-of-range pointer offset, which may lead
to data tampering, data loss, information disclosure, or denial of
service.

CVE-2022-34674  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where a helper function
maps more physical pages than were requested, which may lead to
undefined behavior or an information leak.

CVE-2022-34678  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged user can
cause a null-pointer dereference, which may lead to denial of service.

CVE-2022-34679  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unhandled
return value can lead to a null-pointer dereference, which may lead to
denial of service.

CVE-2022-34680  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an integer
truncation can lead to an out-of-bounds read, which may lead to denial
of service.

CVE-2022-34677  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause an integer to be truncated, which may lead to
denial of service or data tampering.

CVE-2022-34682  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause a null-pointer dereference, which may lead to denial of
service.

CVE-2022-42257  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure, data tampering or denial of
service.

CVE-2022-42265  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure or data tampering.

CVE-2022-34684  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one
error may lead to data tampering or information disclosure.

CVE-2022-42254  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, data
tampering, or information disclosure.

CVE-2022-42258  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service, data tampering, or information
disclosure.

CVE-2022-42255  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42256  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow in index validation may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-34673  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42259  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service.


Linux Driver Branch     CVE IDs Addressed
R515    CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34675,
        CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682,
        CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256,
        CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42263,
        CVE-2022-42264, CVE-2022-42265
R510    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684,
        CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257,
        CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261,
        CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
R470    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258,
        CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262,
        CVE-2022-42263, CVE-2022-42264
R450    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259,
        CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263,
        CVE-2022-42264
R390    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34680, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259


Andreas

--- End Message ---

--- Begin Message ---

Source: nvidia-graphics-drivers-tesla
Source-Version: 515.86.01-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-tesla, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1025...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-graphics-drivers-tesla package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 27 Jan 2023 18:39:16 +0100
Source: nvidia-graphics-drivers-tesla
Architecture: source
Version: 515.86.01-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1025279
Changes:
 nvidia-graphics-drivers-tesla (515.86.01-1) unstable; urgency=medium
 .
   * Rebuild as Tesla driver.
   * Upload to unstable.
 .
 nvidia-graphics-drivers (515.86.01-1) unstable; urgency=medium
 .
   * New upstream production branch release 515.86.01 (2022-11-22).
     * Fixed CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34675,
       CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682,
       CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256,
       CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42263,
       CVE-2022-42264, CVE-2022-42265.  (Closes: #1025279)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5415
     - Fixed a regression in 515.76 that caused blank screens and hangs when
       starting an X server on RTX 30 series GPUs in some configurations where
       the boot display is connected via HDMI.
     - Fixed a bug where Marvel's Spider-Man Remastered would sometimes crash
       with Xid 13 errors on Turing and later.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update symbols files.
   * Upload to unstable.
 .
 nvidia-graphics-drivers (515.76-1) experimental; urgency=medium
 .
   * New upstream production branch release 515.76 (2022-09-20).
     - Turing and later: fixed possible excessive GPU power draw on an idle
       X11 or Wayland desktop when driving high resolutions or refresh rates.
     * Improved compatibility with recent Linux kernels.
   * New upstream Tesla release (amd64 only) 515.65.07 (2022-10-19).
 .
   [ Andreas Beckmann ]
   * Refresh patches.
Checksums-Sha1:
 707422a93df4c822919ae4f087fa2d550d462b20 7529 
nvidia-graphics-drivers-tesla_515.86.01-1.dsc
 a0848e664f511647a1f29ea9025a87f11c32b998 363725018 
nvidia-graphics-drivers-tesla_515.86.01.orig-amd64.tar.gz
 55517e11b36a04199052b1dba94db014d7b5343e 221069861 
nvidia-graphics-drivers-tesla_515.86.01.orig-arm64.tar.gz
 bb83790683e15cc19156ae6b1a57a9834f4d89b1 75905575 
nvidia-graphics-drivers-tesla_515.86.01.orig-ppc64el.tar.gz
 eed64161943824b63c4256e856732a95d69fd513 140 
nvidia-graphics-drivers-tesla_515.86.01.orig.tar.gz
 683d3a4d4b7233315ad58f783787ff7ffd561a48 216348 
nvidia-graphics-drivers-tesla_515.86.01-1.debian.tar.xz
 38fe02c7b10ca56b8ba6dcdd9d1829aec2bb30e2 5630 
nvidia-graphics-drivers-tesla_515.86.01-1_source.buildinfo
Checksums-Sha256:
 18bd4d34cd3d37b3155fa9b9b61a693b91d7b812572f03ae405ff45d9f72b4eb 7529 
nvidia-graphics-drivers-tesla_515.86.01-1.dsc
 09e2f36311844dc59873f9ae460a989c765eac374d0df73ec20df4959872e8b1 363725018 
nvidia-graphics-drivers-tesla_515.86.01.orig-amd64.tar.gz
 17940fd42c78882af9c1c2c9922f59b1eb404c625b4becda5afb967215768afe 221069861 
nvidia-graphics-drivers-tesla_515.86.01.orig-arm64.tar.gz
 096d19454bd5a78be235d66bfe2441b58f91ffc6720ceedf96c9ddf28d892237 75905575 
nvidia-graphics-drivers-tesla_515.86.01.orig-ppc64el.tar.gz
 652515348b4f2c5aa6c0543ac8c4826362eebab783b369cc33022722807fa512 140 
nvidia-graphics-drivers-tesla_515.86.01.orig.tar.gz
 13b029f74565665b983e8e003a8485f37bb9e46111f425c990f1394b0a5d5393 216348 
nvidia-graphics-drivers-tesla_515.86.01-1.debian.tar.xz
 75972c924c9b721a664b6a67f1e6bc351bc6e7a16b94628a1811d55df3a0ce3b 5630 
nvidia-graphics-drivers-tesla_515.86.01-1_source.buildinfo
Files:
 b44fe8b67625727109f4275fad413c78 7529 non-free/libs optional 
nvidia-graphics-drivers-tesla_515.86.01-1.dsc
 eb93fb577fd6bf2d7c2546823e4eaf9c 363725018 non-free/libs optional 
nvidia-graphics-drivers-tesla_515.86.01.orig-amd64.tar.gz
 218f2e496d8dd4d1b36afa48b692b218 221069861 non-free/libs optional 
nvidia-graphics-drivers-tesla_515.86.01.orig-arm64.tar.gz
 ed533580b72f52b5537fc4acdf344544 75905575 non-free/libs optional 
nvidia-graphics-drivers-tesla_515.86.01.orig-ppc64el.tar.gz
 c3c20839689299b1779a01bab2e980a1 140 non-free/libs optional 
nvidia-graphics-drivers-tesla_515.86.01.orig.tar.gz
 10f3efdf28cba7039743eeabeb986865 216348 non-free/libs optional 
nvidia-graphics-drivers-tesla_515.86.01-1.debian.tar.xz
 bb7e7482a223612d6130037837b85a53 5630 non-free/libs optional 
nvidia-graphics-drivers-tesla_515.86.01-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmPUDS4QHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCMQCD/4/EEAj53vFwJUIxNLmTyI+rqGHRvGWSVxu
ql3Y08l+BkTm7zkNNH1qZIwKmApsbx0sdr9psZOv0xFcfDCEzCd9O3VshUdYI5Bf
C1ap04SS25nIcf3Ks4AcfRJkF6WWsVwXalJ5jBG7k8ho3n8a6SXFrWSvWKUFZGij
iAcH2zPhnW2N7DJxBc27uLTB6k4Qz76yASgAbr0ptbZcepazaCKn4iycxkeMYfL+
DMDG8hWLMU4zP5un2tuvfCEKZrovSU79jIo/N0Du/FOSbQOxLBCpOZiJIxD2kFIR
HU8nKDwy4QN5w1J0wuGKCI86nJpBBjj3aJRvNIbB3BxHMZ3UnOT+/3CUiyXQrqsA
9PsZfMbTJ/YQHjQXaGdtyP+e0U7LPszpkafBSgOzvkzlseSEqnvF49MokHNAgDQQ
YOJkI7DAWkizXb8NSobk2RI6U4ItBM3NhXw353mAULmKkcKI4Gdj/OEBijt3tQgT
AO03c5VBE0vw0h5bdv4RhVDGsmN4oxt1akUx1laOT5xz3UceRxfzSWYap4EJnwKP
7Z7oj/1qYq/CBp3W7JyH8P5it/wlIotXnBmwyyjDrW8NoAWgu/l3SROLlIzva2rc
WxkH3mK7nYqZ+EpQ2ZAeANwZELcNk9q3+fxy0IEwVo0Arclcmt/aJk/zqnk+wK1W
e0sxaSMXQg==
=ABmS
-----END PGP SIGNATURE-----

--- End Message ---