Bug#1039678: marked as done (nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516)

Tue, 25 Jul 2023 13:45:27 -0700 

Your message dated Tue, 25 Jul 2023 20:43:04 +0000
with message-id <e1qoos4-000dwe...@fasolo.debian.org>
and subject line Bug#1039678: fixed in nvidia-graphics-drivers-tesla-470 
470.199.02-1~deb11u1
has caused the Debian Bug report #1039678,
regarding nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1039678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2023-25515, 
CVE-2023-25516
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2023-25515, 
CVE-2023-25516
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2023-25515, 
CVE-2023-25516
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2023-25515, 
CVE-2023-25516
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2023-25515, 
CVE-2023-25516
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2023-25515, 
CVE-2023-25516
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2023-25515, 
CVE-2023-25516
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2023-25515, 
CVE-2023-25516
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5468

CVE-2023-25515  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where unexpected untrusted data is parsed, which may
lead to code execution, denial of service, escalation of privileges,
data tampering, or information disclosure.

CVE-2023-25516  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged user can
cause an integer overflow, which may lead to information disclosure and
denial of service.

Linux Driver Branch     CVE IDs Addressed
R535, R525, R470, R450  CVE-2023-25515, CVE-2023-25516

Driver Branch   Affected Driver Versions                        Updated Driver 
Version
R535            All driver versions prior to 535.54.03          535.54.03
R525            All driver versions prior to 525.125.06         525.125.06
R470            All driver versions prior to 470.199.02         470.199.02
R450            All driver versions prior to 450.248.02         450.248.02

Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-graphics-drivers-tesla-470
Source-Version: 470.199.02-1~deb11u1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-tesla-470, which is due to be installed in the Debian 
FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1039...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-graphics-drivers-tesla-470 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 10 Jul 2023 16:05:23 +0200
Source: nvidia-graphics-drivers-tesla-470
Architecture: source
Version: 470.199.02-1~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1038004 1039678 1039684
Changes:
 nvidia-graphics-drivers-tesla-470 (470.199.02-1~deb11u1) bullseye; 
urgency=medium
 .
   * Rebuild for bullseye.
 .
 nvidia-graphics-drivers-tesla-470 (470.199.02-1~deb12u1) bookworm; 
urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers-tesla-470 (470.199.02-1) unstable; urgency=medium
 .
   * New upstream production branch release 470.199.02 (2023-06-26).
     * Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039684)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5468
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
 .
 nvidia-graphics-drivers (470.199.02-1) bullseye; urgency=medium
 .
   * New upstream production branch release 470.199.02 (2023-06-26).
     * Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039678)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5468
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Upload to bullseye.
 .
 nvidia-graphics-drivers-tesla-470 (470.182.03-2) unstable; urgency=medium
 .
   * Backport vm_area_struct_has_const_vm_flags changes from 470.199.02 to fix
     kernel module build for Linux 6.3.  (Closes: #1038004)
   * Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
     module build for Linux 6.4.
Checksums-Sha1:
 9ae7c20b5192d78d8f2375dc288f20c39ff47192 8188 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb11u1.dsc
 95f273c832d6f5d78214eb3fd1e46bac2252c257 211768 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb11u1.debian.tar.xz
 d206648de3d6ad76039dad3a7aa934fed1ea21c5 8528 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb11u1_source.buildinfo
Checksums-Sha256:
 3a86be4f61f8ad7cf15c5c6a2e9f679c07ef34afcbebe7f30a3a0f9b6050fdd8 8188 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb11u1.dsc
 7c658f4fd5dd5a7aa12c0dc4d460ed2aa8fc973668cc2382277ec8e5a31cf119 211768 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb11u1.debian.tar.xz
 54fcb8048f5df826f961d69bc8b4d3ab6f35c52e4fb6128f996092a485091757 8528 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb11u1_source.buildinfo
Files:
 bce3d2ba7530c3547e73d606e85727b3 8188 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb11u1.dsc
 a1f2cdf5c62e95a676200355d7c58e31 211768 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb11u1.debian.tar.xz
 570297f52a64fffec145748a3c856fd7 8528 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.199.02-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmSsgioQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCFSHD/9drIr0iWTs+kpoe3ZtnRDtQsrjgkgn1swk
aUvWYc0sWHEFsD/Pnssx0upeaDXM8M+XMpN+xqS2TVhDUhZn+xlFlqY8wOaKyeaK
xHaZGa4iiJZvBHDQNKDd8Y4W4aDAqSnDESP4gSOYM0LNfcQq2qV2w78nSvCFzjhC
qIahK3vQMC38Q+bWLQKyAxwmH7hFCtJeurN7b8ZxMi4URePTkJeABpJD9UGhBOqe
0YQ1878P2XFmrM2Me5agxkCZWVNC65ouFjor5mCMrsHWCVE82UnGYxWlo35B100I
wxlOLIywj2N5qq7esSv5wkW/FWObmatzYAmiXHkz6IRU2x3hPvRCdJIISx7EUFiL
QaZvSkRon17NElBS7vxGDl8d/fwocYdHGuQjRlomuhHkYmbTrVVX38kJh4zFkKi+
lJxREjXrwXwJIvxJ9qo82C0Q2LpqMzrBp9HTHSuQV2ZSWhSkT4nJ/WW2gVVKBYeU
oqTatId7TrpxVXAGvfHEBkrzVdkHKDx0wRH6ouXtWqNQBu84/xCI5v3WuN3XpNZJ
89Dg5gHqE7sopDbWRTt0INso9Ny40xCQUVpxHF0gxtV2gCxOV2FFifBj9OGcSqI9
8NbmocqUWmn7WXHkUXRArA3Z8dA25RFmEqX9TYuzCxFk4t/EMmaNtwjnPvyuMQA+
V3SyplDHUw==
=XhIW
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to