Your message dated Sat, 13 Dec 2014 00:18:56 +0000
with message-id <[email protected]>
and subject line Bug#772971: fixed in nvidia-graphics-drivers 343.36-1
has caused the Debian Bug report #772971,
regarding src:nvidia-graphics-drivers*: CVE-2014-8298: GLX-INDIRECT (Including
CVE-2014-8093, CVE-2014-8098)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
772971: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772971
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nvidia-graphics-drivers
Severity: critical
Tags: security
This is the NVIDIA-specific part of
DSA-3095-1 xorg-server -- security update
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8298
The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before
R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x
before R346.22, Lixux for Tegra (L4T) driver before R21.2, and Chrome OS
driver before R40 allows remote attackers to cause a denial of service
(segmentation fault and X server crash) or possibly execute arbitrary
code via a crafted GLX indirect rendering protocol request.
http://lists.x.org/archives/xorg-announce/2014-December/002500.html
http://nvidia.custhelp.com/app/answers/detail/a_id/3610
Release series fixed in version
-------------- ----------------
Releases prior to 304 Has reached 'end of life' and no longer
supported.
304.* 304.125 available as of 12/9
319.* no longer supported
331.* 331.113 available as of 12/9
340.* 340.65 available as of 12/9
343.* 343.36 available as of 12/9
346.* 346.22 Beta available as of 12/9
All NVIDIA drivers (in non-free) are affected:
not fixable (no new upstream release will be provided):
nvidia-graphics-drivers-legacy-96xx | 96.43.18-2 | squeeze/non-free
| source
nvidia-graphics-drivers-legacy-96xx | 96.43.23-3 | wheezy/non-free
| source
nvidia-graphics-drivers-legacy-96xx | 96.43.23-7~bpo70+1 |
wheezy-backports/non-free | source
nvidia-graphics-drivers-legacy-173xx | 173.14.27-2 | squeeze/non-free
| source
nvidia-graphics-drivers-legacy-173xx | 173.14.35-1~bpo60+2 |
squeeze-backports/non-free | source
nvidia-graphics-drivers-legacy-173xx | 173.14.35-4 | wheezy/non-free
| source
nvidia-graphics-drivers-legacy-173xx | 173.14.39-2~bpo70+1 |
wheezy-backports/non-free | source
nvidia-graphics-drivers | 195.36.31-6squeeze2 | squeeze/non-free
| source
nvidia-graphics-drivers | 295.59-1~bpo60+2 |
squeeze-backports/non-free | source
uploads planned (new upstream release required):
nvidia-graphics-drivers | 304.117-1 | wheezy/non-free
| source
nvidia-graphics-drivers-legacy-304xx | 304.123-4~bpo70+1 |
wheezy-backports/non-free | source
nvidia-graphics-drivers-legacy-304xx | 304.123-4 | jessie/non-free
| source
nvidia-graphics-drivers-legacy-304xx | 304.123-4 | sid/non-free
| source
nvidia-graphics-drivers | 319.82-1~bpo70+2 |
wheezy-backports/non-free | source
nvidia-graphics-drivers | 340.46-6 | jessie/non-free
| source
nvidia-graphics-drivers | 340.58-1 | sid/non-free
| source
nvidia-graphics-drivers | 343.22-2 |
experimental/non-free | source
I expect wheezy (only nvidia-graphics-drivers can be fixed there)
shall be fixed via wheezy-proposed-updates, no DSA, as in the previous ones?
Andreas
--- End Message ---
--- Begin Message ---
Source: nvidia-graphics-drivers
Source-Version: 343.36-1
We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <[email protected]> (supplier of updated nvidia-graphics-drivers
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 13 Dec 2014 00:55:32 +0100
Source: nvidia-graphics-drivers
Binary: nvidia-driver nvidia-driver-bin nvidia-glx xserver-xorg-video-nvidia
libgl1-nvidia-glx libgl1-nvidia-glx-i386 libegl1-nvidia libgles1-nvidia
libgles2-nvidia libnvidia-eglcore nvidia-alternative nvidia-kernel-dkms
nvidia-kernel-source nvidia-vdpau-driver nvidia-smi nvidia-cuda-mps libcuda1
libcuda1-i386 libnvidia-compiler libnvcuvid1 libnvidia-encode1 libnvidia-ifr1
libnvidia-fbc1 libnvidia-ml1 nvidia-opencl-common nvidia-opencl-icd
nvidia-libopencl1 nvidia-detect
Architecture: source
Version: 343.36-1
Distribution: experimental
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <[email protected]>
Changed-By: Andreas Beckmann <[email protected]>
Description:
libcuda1 - NVIDIA CUDA Driver Library
libcuda1-i386 - NVIDIA CUDA 32-bit runtime library${nvidia:LegacyDesc}
libegl1-nvidia - NVIDIA binary EGL libraries${nvidia:LegacyDesc}
libgl1-nvidia-glx - NVIDIA binary OpenGL libraries${nvidia:LegacyDesc}
libgl1-nvidia-glx-i386 - NVIDIA binary OpenGL 32-bit
libraries${nvidia:LegacyDesc}
libgles1-nvidia - NVIDIA binary OpenGL|ES 1.x libraries${nvidia:LegacyDesc}
libgles2-nvidia - NVIDIA binary OpenGL|ES 2.x libraries${nvidia:LegacyDesc}
libnvcuvid1 - NVIDIA CUDA Video Decoder runtime library
libnvidia-compiler - NVIDIA runtime compiler library
libnvidia-eglcore - NVIDIA binary EGL core libraries${nvidia:LegacyDesc}
libnvidia-encode1 - NVENC Video Encoding runtime library
libnvidia-fbc1 - NVIDIA OpenGL-based Framebuffer Capture runtime library
libnvidia-ifr1 - NVIDIA OpenGL-based Inband Frame Readback runtime library
libnvidia-ml1 - NVIDIA Management Library (NVML) runtime library
nvidia-alternative - allows the selection of NVIDIA as GLX provider
nvidia-cuda-mps - NVIDIA CUDA Multi Process Service (MPS)
nvidia-detect - NVIDIA GPU detection utility
nvidia-driver - NVIDIA metapackage${nvidia:LegacyDesc}
nvidia-driver-bin - NVIDIA driver support binaries${nvidia:LegacyDesc}
nvidia-glx - transition to ${nvidia}-driver
nvidia-kernel-dkms - NVIDIA binary kernel module DKMS
source${nvidia:LegacyDesc}
nvidia-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc}
nvidia-libopencl1 - NVIDIA OpenCL ICD Loader library
nvidia-opencl-common - NVIDIA OpenCL driver
nvidia-opencl-icd - NVIDIA OpenCL installable client driver (ICD)
nvidia-smi - NVIDIA System Management Interface
nvidia-vdpau-driver - Video Decode and Presentation API for Unix - NVIDIA
driver
xserver-xorg-video-nvidia - NVIDIA binary Xorg driver${nvidia:LegacyDesc}
Closes: 772971
Changes:
nvidia-graphics-drivers (343.36-1) experimental; urgency=medium
.
* New upstream short lived branch release 343.36 (2014-12-05).
* Fixes CVE-2014-8298. (Closes: #772971)
- Fixed a bug that rendered very bright garbage data onto some textures
in UnrealEngine 4 applications. This issue is known as the "disco bug"
by the UnrealEngine 4 Linux community.
* nvidia-opencl-icd: Restore the Depends: libcuda1.
Checksums-Sha1:
a3909eb1dc50d26d5ab6051d7c34e63d5f1b84ed 4457
nvidia-graphics-drivers_343.36-1.dsc
bb20b5f10d94d25ee070be7b2aa1bb55c866b451 138777998
nvidia-graphics-drivers_343.36.orig.tar.gz
78e0cad16c593c69b72e0e5bdccce89cf73a7104 119488
nvidia-graphics-drivers_343.36-1.debian.tar.xz
Checksums-Sha256:
e5e4d7176275d547832afd57647167fdaec50a04190f88e043c8b843fcf43665 4457
nvidia-graphics-drivers_343.36-1.dsc
cee995d8f52a519f0a1a8addaff2307880fafbd1722d36ca18cd58bf51eae62d 138777998
nvidia-graphics-drivers_343.36.orig.tar.gz
1ff1a49f63b7dad70091ef6b3526edf929191c01c6a0cd782480f9d23f1b80b7 119488
nvidia-graphics-drivers_343.36-1.debian.tar.xz
Files:
ad2f99576ba6fb6facbeb5764fcf3e48 4457 non-free/libs optional
nvidia-graphics-drivers_343.36-1.dsc
a5be4bae8e8e9c42ec5af041d5afd9f8 138777998 non-free/libs optional
nvidia-graphics-drivers_343.36.orig.tar.gz
f16c27841e38ae3a0df02141d02bd268 119488 non-free/libs optional
nvidia-graphics-drivers_343.36-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUi4GPAAoJEF+zP5NZ6e0IbL0P/izKQ6alJNDgA6QtTKGRaJA8
AgCLzfugcTmES7XsyTiw20dVME0I2hB0vTjDUGaAdU2Hx9FRm++8J3qaX5TNBuHZ
N5qCl4CWTYV9sCMgCkTs78AQMwXIVXUtJBBOkOEvjDX2IjwZ8jgXBb4nTPrkyOSc
BdejkU+JTrCMTM1/iOuwJYCkRXgL2gv27Z5F1YHLwAOP8R87vn81JjNHWId+knZS
Tg89BdTSh1qUsMkjiyBlvOMd/lLneyiUbfcm5vFKrAkEXg05TCrP+9DM3Fw12nlL
j9B6UD8dxRVX0POorAPmHei5bTiNO4hEbuQj76+KmCm8+iF8+qwZsgOVodD31MN8
eeeb0TGuAM04lo/pOxTmX6yEvHOqXRB4BoN4+IANCxrZHvNMf0K+lF5XNvAKRd+R
JUSX2AoLiSctmMTAzbFKTHXBY6xOSFDGfO/1TjAvbcdur7zKLZ9N2OqUcolVy7oL
5ozQJxyO4hYeEJUzUitNj9rTb/e/5RvJG5YbmgbGgKiwN7Q4IfFu+rrKDcD9XWBv
oB3lN2eXZWTxa8IY9ojBTv4+sU0Qg0O80/cz8UCVZ2aDcnd4s1PmGRFFjUC1XUIs
4U3ldgHk7QT3PC4Pbs+dnIbuTYrDxgZ4L06SRaVYuWIbMUV2ixM+5XK2JS4UDMIM
QT7CQ4zkgb5uewN8mEj1
=DiH0
-----END PGP SIGNATURE-----
--- End Message ---
