Bug#1039678: marked as done (nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516)

Debian Bug Tracking System Tue, 25 Jul 2023 13:45:22 -0700

Your message dated Tue, 25 Jul 2023 20:42:53 +0000
with message-id <e1qoort-000dva...@fasolo.debian.org>
and subject line Bug#1039678: fixed in nvidia-graphics-drivers 470.199.02-1
has caused the Debian Bug report #1039678,
regarding nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1039678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2023-25515, 
CVE-2023-25516
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2023-25515, 
CVE-2023-25516
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2023-25515, 
CVE-2023-25516
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2023-25515, 
CVE-2023-25516
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2023-25515, 
CVE-2023-25516
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2023-25515, 
CVE-2023-25516
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2023-25515, 
CVE-2023-25516
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2023-25515, 
CVE-2023-25516
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5468

CVE-2023-25515  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where unexpected untrusted data is parsed, which may
lead to code execution, denial of service, escalation of privileges,
data tampering, or information disclosure.

CVE-2023-25516  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged user can
cause an integer overflow, which may lead to information disclosure and
denial of service.

Linux Driver Branch     CVE IDs Addressed
R535, R525, R470, R450  CVE-2023-25515, CVE-2023-25516

Driver Branch   Affected Driver Versions                        Updated Driver 
Version
R535            All driver versions prior to 535.54.03          535.54.03
R525            All driver versions prior to 525.125.06         525.125.06
R470            All driver versions prior to 470.199.02         470.199.02
R450            All driver versions prior to 450.248.02         450.248.02

Andreas

--- End Message ---

--- Begin Message ---

Source: nvidia-graphics-drivers
Source-Version: 470.199.02-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1039...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 10 Jul 2023 14:44:10 +0200
Source: nvidia-graphics-drivers
Architecture: source
Version: 470.199.02-1
Distribution: bullseye
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1039678
Changes:
 nvidia-graphics-drivers (470.199.02-1) bullseye; urgency=medium
 .
   * New upstream production branch release 470.199.02 (2023-06-26).
     * Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039678)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5468
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Upload to bullseye.
 .
 nvidia-graphics-drivers (470.182.03-2) UNRELEASED; urgency=medium
 .
   * Backport vm_area_struct_has_const_vm_flags changes from 470.199.02 to fix
     kernel module build for Linux 6.3.
   * Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
     module build for Linux 6.4.
Checksums-Sha1:
 d33d4b09625148ba5ef5a2584f478afa136f7c85 7202 
nvidia-graphics-drivers_470.199.02-1.dsc
 55286e4c89e216295d92510eaeecde601d80c25e 273243909 
nvidia-graphics-drivers_470.199.02.orig-amd64.tar.gz
 ec38788a57403360ae3d2efda3fea2e8e586740a 183708423 
nvidia-graphics-drivers_470.199.02.orig-arm64.tar.gz
 7f7c24a9e2ce9f876a55b7715c2e738462f0db40 141 
nvidia-graphics-drivers_470.199.02.orig.tar.gz
 621bff0d860fa464271e20b9dd13291b6915b52f 210132 
nvidia-graphics-drivers_470.199.02-1.debian.tar.xz
 31b0f0a909cf053d617568c50846e9381690051f 8446 
nvidia-graphics-drivers_470.199.02-1_source.buildinfo
Checksums-Sha256:
 84b7851d28a5f8e04115aea8107c6b4d1a05cf36057abe55c5027c23ab88c2f4 7202 
nvidia-graphics-drivers_470.199.02-1.dsc
 2ca5c5672ead5f1e8754b8195b9b073dce299253374b159066b9ad58310cb301 273243909 
nvidia-graphics-drivers_470.199.02.orig-amd64.tar.gz
 b1554cbbcfd8be8203e71eaeb576deca9820e66f4d31e11295dba884af06e963 183708423 
nvidia-graphics-drivers_470.199.02.orig-arm64.tar.gz
 4b9343e50070a4233f339c51ec56873d7b8e32c7dff5d747fce66cc1057c3d99 141 
nvidia-graphics-drivers_470.199.02.orig.tar.gz
 aae3306297c543090d9e44ec27eb2ffc16c3f4f12c980d8d93d69130ca81ecf8 210132 
nvidia-graphics-drivers_470.199.02-1.debian.tar.xz
 bff6eb5d645110191164d7d8e9d32b4cc09d1834afa23f3820491cbbc902d9bd 8446 
nvidia-graphics-drivers_470.199.02-1_source.buildinfo
Files:
 89fe6c8cfdf53844437b079d77ebeb8d 7202 non-free/libs optional 
nvidia-graphics-drivers_470.199.02-1.dsc
 647f7acbaef74b810c9af1ed79a1ce7c 273243909 non-free/libs optional 
nvidia-graphics-drivers_470.199.02.orig-amd64.tar.gz
 0bdb57913e4ec5a54a24dafa65d9d0a2 183708423 non-free/libs optional 
nvidia-graphics-drivers_470.199.02.orig-arm64.tar.gz
 dd9aa0778cdf94a5edb4f080d99cff2a 141 non-free/libs optional 
nvidia-graphics-drivers_470.199.02.orig.tar.gz
 b24391d92a147a3e15a142420aadd3a2 210132 non-free/libs optional 
nvidia-graphics-drivers_470.199.02-1.debian.tar.xz
 83c25282aa58d962f4ac29fb5c352401 8446 non-free/libs optional 
nvidia-graphics-drivers_470.199.02-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmSr/kEQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCAUiD/9uw02ZbGYVGWceRLDG2uYYMhT8/tkfTScH
jrMEsf5Vnj9O1ChT5qQmWjolEfZ+bKaytJoX5c25ZuKGxOQdbkmw5/5QF4aejpnK
D8lx6rfxMnPvfoTjJ4GAlA4vcEXu9d4hAoDfheI4FCmFtTe/G8cj4M8or/R9W60U
ENJA3ZJ6B0ze3Sd/MaLyWGKDLcp0UPdNNZ7fKArv5x9vwKklWtfZulAduRqYEqia
x091xh+TSANAsUhorWM4rcmaIPIl2OPKh/n4Ox3hZ8CYN+zl0XSXcYtWSKe64t/X
P6/I36hfX3xzUo8Y3twz/MQ/sLP31bXN/9RM8HTazU5gP8tb0n5VpFXo8+dr3SId
OBs79njkClitDX/FFEcQ6NSp9e3Bi6Gz/hoAdx0ca5gEQ2hEeuPZkEMsTjctTgpp
jHhuvDgce+v6AMuGMm9qNR0mi2Fc4U1h9YErIOaewF6uukhPIvw5ka3Aa09lCsqn
Y3EWWgtO4t1NlBNLFb52myAdh832FagWPZZLG86fxkaIfG8ODhdz8S2aLoKigFFP
jqzu29XE5wdItyakv3qgC0CLAOuVyOhd7z84T+gHMHKRpUYgd6er1TGivNTdPA0P
KeCjl5SYxlr8Eb6+TBktcOyV/l0hFccUuscZ4S+jCvBz09bOMt8a4V+YGnoBDzcB
rqx7frIwmA==
=U3s9
-----END PGP SIGNATURE-----

--- End Message ---

Bug#1039678: marked as done (nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516)

Reply via email to