Your message dated Tue, 22 Apr 2014 12:19:03 +0000 with message-id <[email protected]> and subject line Bug#745499: fixed in nvidia-settings 331.67-1 has caused the Debian Bug report #745499, regarding nvidia-settings: CVE-2013-6401 Jansson hash collision issue to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 745499: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745499 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: nvidia-settings Version: 319.17-1 Severity: serious Tags: security Just saw this in the upstream changelog for 331.67: - Updated nvidia-settings to use libjansson commit 88aa6a9e30e7465196a737bd0f82eb17f393a120 from the repository at: git://github.com/akheron/jansson.git This commit contains the relevant fixes for CVE-2013-6401. Looks like the nvidia-settings 319 series introduced an embedded code copy of jansson (whatever that is). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6401 Andreas
--- End Message ---
--- Begin Message ---Source: nvidia-settings Source-Version: 331.67-1 We believe that the bug you reported is fixed in the latest version of nvidia-settings, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <[email protected]> (supplier of updated nvidia-settings package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 22 Apr 2014 14:00:53 +0200 Source: nvidia-settings Binary: nvidia-settings libxnvctrl0 libxnvctrl-dev Architecture: source amd64 Version: 331.67-1 Distribution: unstable Urgency: medium Maintainer: Debian NVIDIA Maintainers <[email protected]> Changed-By: Andreas Beckmann <[email protected]> Description: libxnvctrl-dev - NV-CONTROL X extension (development files) libxnvctrl0 - NV-CONTROL X extension (runtime library) nvidia-settings - tool for configuring the NVIDIA graphics driver${nvidia:LegacyDes Closes: 745499 Changes: nvidia-settings (331.67-1) unstable; urgency=medium . * New upstream release 331.67. - Added support for Tridelity SL stereo mode. - Fixed a bug that could cause nvidia-settings to crash or display incorrect information after switching virtual terminals while a color correction confirmation countdown was active. * New upstream release 331.49. * New upstream release 319 series. - Updated nvidia-settings to use libjansson commit 88aa6a9e30e7465196a737bd0f82eb17f393a120 from the repository at: git://github.com/akheron/jansson.git This commit contains the relevant fixes for CVE-2013-6401. (Closes: #745499) * Upload to unstable. Checksums-Sha1: 5e7e3fbefc32197cede60700f07ab855548eac34 2384 nvidia-settings_331.67-1.dsc 9d1601287e63e014dd55690467af0caea42c8a6e 1552309 nvidia-settings_331.67.orig.tar.bz2 5244d0ece933cb2c1ca77e2d845708c2faed020d 14644 nvidia-settings_331.67-1.debian.tar.xz b144639c7bf7310903221ef6678aef9bf864c87c 726552 nvidia-settings_331.67-1_amd64.deb 95b6a614624999500e8068064c88e421e1c55e8a 19050 libxnvctrl0_331.67-1_amd64.deb 5050c7f1c7e4fa970e9af94bcb597db271876a5e 81524 libxnvctrl-dev_331.67-1_amd64.deb Checksums-Sha256: a2e3223e5de6f409a3123e136a8b0cc63ff1cd1d52ed5237fa6480cb6a18210a 2384 nvidia-settings_331.67-1.dsc 61d4bafe558136430112019ebb7c774708e831f96212c49def8d180605ecfac9 1552309 nvidia-settings_331.67.orig.tar.bz2 56df7746cdebfd7ea4cf2a3e94a666df04f4ee6002a3d66fea7ab0b10c10a78b 14644 nvidia-settings_331.67-1.debian.tar.xz ac3277832e29804dbe1d31cf584e59f0b03eb56261e062f3d2160e5fbff7b8ab 726552 nvidia-settings_331.67-1_amd64.deb 1c50642789298419a9a70294c97e386bf32115e05bd3f504389aa8e336432e07 19050 libxnvctrl0_331.67-1_amd64.deb aad7e8d02dba285e92f6690533023a72bd99e19ccc0e2d6c3d03498133cdbcb3 81524 libxnvctrl-dev_331.67-1_amd64.deb Files: 71792df983f50b5e0d0a94d0598876cf 2384 contrib/x11 optional nvidia-settings_331.67-1.dsc 5d6ab3437d6a8fc0a0a30d7d4f43c11d 1552309 contrib/x11 optional nvidia-settings_331.67.orig.tar.bz2 7f86e6952445e57c142a9bdbffca8d1d 14644 contrib/x11 optional nvidia-settings_331.67-1.debian.tar.xz 01016af18eed484f307415a8429e8b9b 726552 contrib/x11 optional nvidia-settings_331.67-1_amd64.deb 2b69d812e7d65125b8e86f903056b502 19050 contrib/libs optional libxnvctrl0_331.67-1_amd64.deb a85c14ebdd914e46e2b19d1496f9233f 81524 contrib/libdevel optional libxnvctrl-dev_331.67-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJTVlp6AAoJEF+zP5NZ6e0I+EUP/3uzSgQ5A3a0tLPd5ZsHT+dk MwXXSPf6rjjvFo4u0Nb47EfzaS/a9uCCUsmu3dBaEk/gUKsqZxvn78B7kNm9aifv o4ldQGvnrnLuw1YIRVKrJNeWAlMJKTPpkFZ4jrK+z+bLAxhvurBGFleiC6sI4+nA WZ4gD8YLZ4QHvfPd8YQr/Xt6f6hbmUQrPe2aYcjgGCIBkLrz64a2Ox9c8/EszsOG s3qtIhsyizHZ4OpAb2Y12ArPdnIR0HQBElCKTJSLHQPdIPF8BFSc0zj+eq0vmVVh fzw7Z17/KZkHp9HCKzaXGSukZ9N9AmBhAmzBoElkjJtN6Vu4GJNtcUma6cnd0j16 7MoLjhYuyEO7Q5CIWlIDanFVSAfDlF55lZV9VZADUdOLE52XJu4Cg2X/6SFnMgAf RZUqk3Qj4L13Yl1sEMabTuTsqN6NYFGScthU1DyOTT7kaF5/JKae07oewubwMV9Y P6YJV+G+bJvV5sh/JmfLEOIFxlg4T0jXiw1UrywFSAeP0xk72JAFEjgI18Q6Be/k //TVEs4wCueioBj5KWA1PWZ5NmudIUgxz6j8q8HRDW52XwVtqjImlwDcW9q9zYnI Dl33p9EMlDRqITMR6AaX3NSvDZbBoZAjQytXcauhw9Is0bOAswtc0skikiMHkfRs NP0ziSkp59y++envZYHk =GWM/ -----END PGP SIGNATURE-----
--- End Message ---
