Bug#1039678: marked as done (nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516)

Tue, 11 Jul 2023 15:06:22 -0700 

Your message dated Tue, 11 Jul 2023 22:02:08 +0000
with message-id <e1qjlqu-003fvq...@fasolo.debian.org>
and subject line Bug#1039678: fixed in nvidia-graphics-drivers-tesla-470 
470.199.02-1~deb12u1
has caused the Debian Bug report #1039678,
regarding nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1039678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2023-25515, 
CVE-2023-25516
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2023-25515, 
CVE-2023-25516
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2023-25515, 
CVE-2023-25516
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2023-25515, 
CVE-2023-25516
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2023-25515, 
CVE-2023-25516
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2023-25515, 
CVE-2023-25516
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2023-25515, 
CVE-2023-25516
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2023-25515, 
CVE-2023-25516
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5468

CVE-2023-25515  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where unexpected untrusted data is parsed, which may
lead to code execution, denial of service, escalation of privileges,
data tampering, or information disclosure.

CVE-2023-25516  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged user can
cause an integer overflow, which may lead to information disclosure and
denial of service.

Linux Driver Branch     CVE IDs Addressed
R535, R525, R470, R450  CVE-2023-25515, CVE-2023-25516

Driver Branch   Affected Driver Versions                        Updated Driver 
Version
R535            All driver versions prior to 535.54.03          535.54.03
R525            All driver versions prior to 525.125.06         525.125.06
R470            All driver versions prior to 470.199.02         470.199.02
R450            All driver versions prior to 450.248.02         450.248.02

Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-graphics-drivers-tesla-470
Source-Version: 470.199.02-1~deb12u1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-tesla-470, which is due to be installed in the Debian 
FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1039...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-graphics-drivers-tesla-470 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 10 Jul 2023 15:47:40 +0200
Source: nvidia-graphics-drivers-tesla-470
Architecture: source
Version: 470.199.02-1~deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1038004 1039678 1039684
Changes:
 nvidia-graphics-drivers-tesla-470 (470.199.02-1~deb12u1) bookworm; 
urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers-tesla-470 (470.199.02-1) unstable; urgency=medium
 .
   * New upstream production branch release 470.199.02 (2023-06-26).
     * Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039684)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5468
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
 .
 nvidia-graphics-drivers (470.199.02-1) bullseye; urgency=medium
 .
   * New upstream production branch release 470.199.02 (2023-06-26).
     * Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039678)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5468
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Upload to bullseye.
 .
 nvidia-graphics-drivers-tesla-470 (470.182.03-2) unstable; urgency=medium
 .
   * Backport vm_area_struct_has_const_vm_flags changes from 470.199.02 to fix
     kernel module build for Linux 6.3.  (Closes: #1038004)
   * Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
     module build for Linux 6.4.
 .
 nvidia-graphics-drivers-tesla-470 (470.182.03-1~deb11u1) bullseye; 
urgency=medium
 .
   * Rebuild for bullseye.
Checksums-Sha1:
 56036d4528681dadf6a053cfcc4399a420100513 8188 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb12u1.dsc
 f0a700d5ab787f4c0f432baa4a1beb2b7e0e8551 211844 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb12u1.debian.tar.xz
 135e55242ea084bd09d74e7eec6c2757ad6f0c72 7807 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb12u1_source.buildinfo
Checksums-Sha256:
 29998602b33243e9d4cbc851b0e6f1847d6c7ad8b1657ff7da599dd41275084a 8188 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb12u1.dsc
 d23ee07afaa2f9381f793eddcebc7ee5eee2c74aa07cc38a20d27eb48239707e 211844 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb12u1.debian.tar.xz
 f9151a504c8f0f68c6db54b44cc3212ad93c66ea647084452539e695b7cc3a80 7807 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb12u1_source.buildinfo
Files:
 a8efd78b67b5c67062b35e3c223bc230 8188 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb12u1.dsc
 92915678235c992244b8fc22f8ff275f 211844 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb12u1.debian.tar.xz
 584d0694c0010da62d6c3c125c78e17b 7807 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmSsgjIQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCNLzD/9h91shhy+Xvo4FT3sMfs9R2hF+1sPwmVuU
hYNqN+aIAN8Zn/Aoge9W18WLTYv0EfozAkVbyLC2iLD3bzN5GpkiLRh+pvlIFAQN
D8G9fB+t6TYm4vsi5TRzdMXQxqQ1VOFetO5LtCk+1JJXeW9k+vY3V5Uhp8YBLtfk
K2Np87tlcx4aSl6kPr4iMRrKShlUo/p4U/a18W75Z9nQJXMHZzAuv6q3TCSFeBFO
t7kY8sfqwyviyJaa7gR9WP/zOI/nnopgJSbmcqz3DI5VEODc5o82arQXOYy6ourX
M+vH2EGMQKNutZxOEcoNmUdMy8As/509ELxSTlX/K6d8QZ1F1Tw90wJqECSADyRl
GZAXTRldooTKaf/8+htQX/J2E4FiWAdQ+lq09IMTx9Ag+EEqbT5zuOedXyLdpacz
ylIhQatVlqNTzgdJfECXo3VEdltq1YH6b1K7WcYQFEbm+3nf+sUN4t4RHVDUC4OE
himqMmiJ6K6TAma/Vwqs4BEtkJ9pJQKaBGJ7WM+vzIWwxvsU2f6KdCggmM1oAktQ
edlC7hY9T5sUh9O79yyzaiTRNRN4M4rIVXBkRaWXic2+llKBeAHaVod/xc1mbWyO
IhUkZJRFX5yk5Sdyv2/WmNOqJyHPrEydN6ugDoCNvbHXcYowCS+UX0SUxEmLLRS7
8tM85ueDGQ==
=P3mG
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to