Your message dated Wed, 27 Mar 2024 07:35:02 +0000
with message-id <e1rpnom-004mzp...@fasolo.debian.org>
and subject line Bug#1064991: fixed in nvidia-open-gpu-kernel-modules 
535.161.07-1
has caused the Debian Bug report #1064991,
regarding nvidia-open-gpu-kernel-modules: CVE-2024-0074, CVE-2024-0075, 
CVE-2024-0078
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1064991: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064991
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: tag -5 + wontfix
Control: close -5 450.248.02-4
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2024-0074, 
CVE-2024-0075, CVE-2024-0078
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: tag -8 + wontfix
Control: close -8 525.147.05-6
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2024-0074, 
CVE-2024-0075, CVE-2024-0078
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -9 535.43.02-1
Control: found -9 545.23.06-1
Control: found -9 550.40.07-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: found -1 535.43.02-1
Control: found -1 545.23.06-1
Control: found -1 550.40.07-1
Control: fixed -7 470.239.06-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5520

CVE-2024-0074   NVIDIA GPU Display Driver for Linux contains a
vulnerability where an attacker may access a memory location after the
end of the buffer. A successful exploit of this vulnerability may lead
to denial of service and data tampering.

CVE-2024-0075   NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where a user may cause a NULL-pointer dereference by
accessing passed parameters the validity of which has not been checked.
A successful exploit of this vulnerability may lead to denial of service
and limited information disclosure.

CVE-2024-0078   NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where a user in a guest can
cause a NULL-pointer dereference in the host, which may lead to denial
of service.

CVE-2022-42265  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause integer overflow, which may lead to denial of
service, information disclosure, and data tampering.

Linux Driver Branch     CVE IDs Addressed
R550, R545, R535        CVE-2024-0074, CVE-2024-0075
R470                    CVE-2024-0074, CVE-2022-42265

Driver Branch   Affected Driver Versions                        Updated Driver 
Version
R550            All driver versions prior to 550.54.14          550.54.14
R535            All driver versions prior to 535.161.07         535.161.07
R470            All driver versions prior to 470.239.06         470.239.06
R470            All driver versions prior to 470.223.02         470.223.02


Security Updates for NVIDIA vGPU Software
Security Updates for NVIDIA Cloud Gaming

Linux Driver Branch     CVE IDs Addressed
R535                    CVE-2024-0074, CVE-2024-0075, CVE-2024-0078
R470                    CVE-2024-0074, CVE-2024-0078, CVE-2022-42265

Andreas

--- End Message ---
--- Begin Message ---
Source: nvidia-open-gpu-kernel-modules
Source-Version: 535.161.07-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-open-gpu-kernel-modules, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-open-gpu-kernel-modules package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 27 Mar 2024 07:58:43 +0100
Source: nvidia-open-gpu-kernel-modules
Architecture: source
Version: 535.161.07-1
Distribution: experimental
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1055144 1064991
Changes:
 nvidia-open-gpu-kernel-modules (535.161.07-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.161.07 (2024-02-22).
     * Fixed CVE-2024-0074, CVE-2024-0075, CVE-2024-0078.  (Closes: #1064991)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5520
   * New upstream LTS and Tesla branch release 535.154.05 (2024-01-16).
   * New upstream long term support branch release 535.146.02 (2023-12-07).
   * New upstream LTS and Tesla branch release 535.129.03 (2023-10-31).
     * Fixed CVE-2023-31022.  (Closes: #1055144)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5491
   * Refresh patches.
   * Sync with src:nvidia-graphics-drivers.
   * Upload to experimental.
Checksums-Sha1:
 e732030f8634da89d83d2d5b5e83f90e0d3c70d2 2729 
nvidia-open-gpu-kernel-modules_535.161.07-1.dsc
 982ffcddb8b71ad9ac5935fae11af6e3726c50e2 12494976 
nvidia-open-gpu-kernel-modules_535.161.07.orig.tar.xz
 588cbca3e347578a1d758211603b3238ccd2a9e0 20336 
nvidia-open-gpu-kernel-modules_535.161.07-1.debian.tar.xz
 bd33750a877e80077e47f4f6b84a340a6f25d7c2 5772 
nvidia-open-gpu-kernel-modules_535.161.07-1_source.buildinfo
Checksums-Sha256:
 2eb39ad354dcebd6663f7e3ecf476194558577d701e52afd248ad6d553f0ee2d 2729 
nvidia-open-gpu-kernel-modules_535.161.07-1.dsc
 039c14f2092b26fca7f79d1f7b484c2fd01c40428911113a782dd4caed573d0f 12494976 
nvidia-open-gpu-kernel-modules_535.161.07.orig.tar.xz
 7197240cd82d481646ac744ed01a40149bc6b0c6d5d294338e826c95d0dbbb4d 20336 
nvidia-open-gpu-kernel-modules_535.161.07-1.debian.tar.xz
 1eef9ff493c141632659de77907ef78ff2c897fe03d9bab3ae1420155ffd58de 5772 
nvidia-open-gpu-kernel-modules_535.161.07-1_source.buildinfo
Files:
 dce2a6155941bc774565db0fcdd296ba 2729 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.161.07-1.dsc
 ef0fc37c6e301ce20af1cf1ed6e5ddb2 12494976 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.161.07.orig.tar.xz
 79ba90b831c5e32cd0960ad584ed0435 20336 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.161.07-1.debian.tar.xz
 aabf7eb67af0293b4a59521784e56b02 5772 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.161.07-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmYDxQsQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCDgcEACjoOsdSB4r04jPtHin3rpeblVcp+TzGOMf
1NmOR8qiaiNl0W5AsWWLnKoQmtxZXLqWroTUHev9xfJDavtJvw1UzhPNFy7cI1HU
ZGdc/0Cp2OmfhlZ5zsvAA+imhffIfzlJZnPaQGTwRBkR9Kun7phzoqrSFqEsFyfT
jl+iaRcTkG0qlLQZo1tcjLLcgdYZjdmYxKSaZmviTUWPOku0eK/rrAa29PW8wZxY
+0pqHIwUadn2uNaK2QgcIa6D6p/Ivw3AFnJnOWYl/c5r9TUzMRUek9ZnREDgLx9x
4nHn7Nz7AY9pFkfcP1ISt6+y031HqamosZT0im7Tuv/5Zy3zmQ1WsOsdlrTLkGdD
k2j9f7QtLwC3tlDqB93+4w2NmHKni872EIMIsPM1C+bUsttptR+0GzQvTu2Bgy+7
4a4X31Zhbg0lRCCBS5Ouz0osCTYesDsrkpDXkL9/tmBnNqQdbGxnxwg0lnlySEH/
BIjjIE9mMxgq0tPnLlkFausVGDJ+v0gcSJu0FbRTG6ZtBxkc4iWoGSMU8X4CG2SX
zPYNuZ6hqQc2eIl7N1mHY9ST7plL6KMUJeeRpYhlM+7S9QITbLAZs3OUfxlbP7US
vkWh2kuysC5CHh2PklEKkC9GoUoZOUsXfSe4mcmsg644MaBkABQh88Wb86pLjxVI
MK/rp/jO3Q==
=0INb
-----END PGP SIGNATURE-----

Attachment: pgp6YYM3nkD1Y.pgp
Description: PGP signature


--- End Message ---

Reply via email to