Bug#1039678: marked as done (nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516)

Debian Bug Tracking System Sat, 15 Jul 2023 09:33:37 -0700

Your message dated Sat, 15 Jul 2023 16:32:10 +0000
with message-id <e1qkibm-00539i...@fasolo.debian.org>
and subject line Bug#1039678: fixed in nvidia-graphics-drivers 
525.125.06-1~deb12u1
has caused the Debian Bug report #1039678,
regarding nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1039678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2023-25515, 
CVE-2023-25516
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2023-25515, 
CVE-2023-25516
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2023-25515, 
CVE-2023-25516
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2023-25515, 
CVE-2023-25516
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2023-25515, 
CVE-2023-25516
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2023-25515, 
CVE-2023-25516
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2023-25515, 
CVE-2023-25516
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2023-25515, 
CVE-2023-25516
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5468

CVE-2023-25515  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where unexpected untrusted data is parsed, which may
lead to code execution, denial of service, escalation of privileges,
data tampering, or information disclosure.

CVE-2023-25516  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged user can
cause an integer overflow, which may lead to information disclosure and
denial of service.

Linux Driver Branch     CVE IDs Addressed
R535, R525, R470, R450  CVE-2023-25515, CVE-2023-25516

Driver Branch   Affected Driver Versions                        Updated Driver 
Version
R535            All driver versions prior to 535.54.03          535.54.03
R525            All driver versions prior to 525.125.06         525.125.06
R470            All driver versions prior to 470.199.02         470.199.02
R450            All driver versions prior to 450.248.02         450.248.02

Andreas

--- End Message ---

--- Begin Message ---

Source: nvidia-graphics-drivers
Source-Version: 525.125.06-1~deb12u1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1039...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 12 Jul 2023 16:16:16 +0200
Source: nvidia-graphics-drivers
Architecture: source
Version: 525.125.06-1~deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1039678
Changes:
 nvidia-graphics-drivers (525.125.06-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (525.125.06-1) unstable; urgency=medium
 .
   * New upstream production branch release 525.125.06 (2023-05-09).
     * Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039678)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5468
     - Fixed a bug which prevented running a Wayland compositor in headless
       mode on GPUs without display hardware.
 .
   [ Andreas Beckmann ]
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (525.116.04-1) unstable; urgency=medium
 .
   * New upstream production branch release 525.116.04 (2023-05-09).
   * New upstream production branch release 525.116.03 (2023-04-25).
     - Fixed a regression in Luxmark performance between 525.89.02 and
       525.105.17.
     - Fixed a bug that could cause an unexpected
       VK_ERROR_NATIVE_WINDOW_IN_USE_KHR error in certain circumstances when
       recreating Vulkan surfaces.
     - Fixed a regression that caused brightness control to not vary
       smoothly across the range of values.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (525.105.17-2) unstable; urgency=medium
 .
   * Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
     module build for Linux 6.4.
Checksums-Sha1:
 5e9e5dec8e57f301e9d319496e056ff96216d602 6980 
nvidia-graphics-drivers_525.125.06-1~deb12u1.dsc
 d7e29ee7ab6b70e494259011003e74a45821f3cd 217120 
nvidia-graphics-drivers_525.125.06-1~deb12u1.debian.tar.xz
 b0548acdbf8488bb6a211e4fae8f9d733d547877 5606 
nvidia-graphics-drivers_525.125.06-1~deb12u1_source.buildinfo
Checksums-Sha256:
 40361e68bb42237792fdd169428e386ce6d8dfe583c6384fe1eaa9e2d40bc421 6980 
nvidia-graphics-drivers_525.125.06-1~deb12u1.dsc
 aac9ba1d18c2e395ddd203f4cf8829dfbe141f510d8d05a5d02e3e4737989020 217120 
nvidia-graphics-drivers_525.125.06-1~deb12u1.debian.tar.xz
 dabec321a1afeccc1fd026f1e4609169e1add7220038dcba4fee2ea789beb053 5606 
nvidia-graphics-drivers_525.125.06-1~deb12u1_source.buildinfo
Files:
 3abd93a4589e8946bb73eb1061168113 6980 non-free/libs optional 
nvidia-graphics-drivers_525.125.06-1~deb12u1.dsc
 3f21b0acc904a943582b9f498a1309de 217120 non-free/libs optional 
nvidia-graphics-drivers_525.125.06-1~deb12u1.debian.tar.xz
 bbbac2bb441f66b1e9e224f7297bb009 5606 non-free/libs optional 
nvidia-graphics-drivers_525.125.06-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmSuuvwQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCNwjD/4tR7k4g6b/ZZIvKKHIEVN9JcD0fgIFX99J
/MZ/hL1WoHSH6nr0BJRTOdFuYz+s2IyU/2WhJwukdrT4+e8Dh3aCEsq5vgXdyw//
fbNu+EwrEXaU70X7jgpAaaEmuZv2FkodKY5sU9TjBNJaugbSsis8L2vEWKmGkWO2
FMg7TIRdrdBV+nx5C6VOtueyI0gaJAPU6T3RLnjMoOj1whiWaRqSWh7BpYL2H6xL
zbw/p16CrQVDJvIZDTgpPaSr2VHb5WKzphmVG1pmJVUNSGaVF9Inf+DuMMqbBI2K
yqzfFCxBjcIdaPCHbupmTMKIMWHzDL85iDIBkCRCObqVpNjggAUEWj0fOEoflxbQ
5AHIVKo3mG6wsnEDr7+dTfxHU6Ha2X+Zx5QuJjh7m1lZLGfFhlES3PqSCdEhJgOj
8QqJLYiXjlVh1/GjzBJt5q00hgEAf5eAqaUV7IT6RQ4TE5s64R5xJIe1fw3m/LE3
3DSIwVEpjy4lSXX8XO52erYr8kVcWzInv5BszdJlF5x0bgYy/tuIfHLjcpja9JdI
Ih1jSUiQ00Ku8kP4aqk6khl8kDKllXerUXsGpO5VcpcTxnBWo3k+RyCRPEjg3JCx
grj8H6Ckhf8AGTiMGTRtPXNqhYbEioAPnjl5eQf82cUT3jWKLkjOPu3NlsWURETR
HlLJVeQesQ==
=RFGk
-----END PGP SIGNATURE-----

--- End Message ---

Bug#1039678: marked as done (nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516)

Reply via email to