Bug#1025285: marked as done (nvidia-graphics-drivers-tesla-470: CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264)

[Debian Bug Tracking System]

Your message dated Thu, 08 Dec 2022 15:06:16 +0000
with message-id <e1p3ity-006i4z...@fasolo.debian.org>
and subject line Bug#1025285: fixed in nvidia-graphics-drivers-tesla-470 
470.161.03-1
has caused the Debian Bug report #1025285,
regarding nvidia-graphics-drivers-tesla-470: CVE-2022-34670, CVE-2022-34674, 
CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, 
CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1025285: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025285
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: reassign -9 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -9 nvidia-graphics-drivers-tesla: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5415

CVE-2022-34670  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause truncation errors when casting a primitive to a
primitive of smaller size causes data to be lost in the conversion,
which may lead to denial of service or information disclosure.

CVE-2022-42263  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an Integer
overflow may lead to denial of service or information disclosure.

CVE-2022-34676  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an out-of-bounds
read may lead to denial of service, information disclosure, or data
tampering.

CVE-2022-42264  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause the use of an out-of-range pointer offset, which may lead
to data tampering, data loss, information disclosure, or denial of
service.

CVE-2022-34674  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where a helper function
maps more physical pages than were requested, which may lead to
undefined behavior or an information leak.

CVE-2022-34678  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged user can
cause a null-pointer dereference, which may lead to denial of service.

CVE-2022-34679  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unhandled
return value can lead to a null-pointer dereference, which may lead to
denial of service.

CVE-2022-34680  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an integer
truncation can lead to an out-of-bounds read, which may lead to denial
of service.

CVE-2022-34677  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause an integer to be truncated, which may lead to
denial of service or data tampering.

CVE-2022-34682  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause a null-pointer dereference, which may lead to denial of
service.

CVE-2022-42257  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure, data tampering or denial of
service.

CVE-2022-42265  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure or data tampering.

CVE-2022-34684  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one
error may lead to data tampering or information disclosure.

CVE-2022-42254  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, data
tampering, or information disclosure.

CVE-2022-42258  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service, data tampering, or information
disclosure.

CVE-2022-42255  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42256  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow in index validation may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-34673  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42259  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service.


Linux Driver Branch     CVE IDs Addressed
R515    CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34675,
        CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682,
        CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256,
        CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42263,
        CVE-2022-42264, CVE-2022-42265
R510    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684,
        CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257,
        CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261,
        CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
R470    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258,
        CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262,
        CVE-2022-42263, CVE-2022-42264
R450    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259,
        CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263,
        CVE-2022-42264
R390    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34680, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259


Andreas

--- End Message ---

--- Begin Message ---

Source: nvidia-graphics-drivers-tesla-470
Source-Version: 470.161.03-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-tesla-470, which is due to be installed in the Debian 
FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1025...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-graphics-drivers-tesla-470 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 08 Dec 2022 15:18:42 +0100
Source: nvidia-graphics-drivers-tesla-470
Architecture: source
Version: 470.161.03-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1025285
Changes:
 nvidia-graphics-drivers-tesla-470 (470.161.03-1) unstable; urgency=medium
 .
   * New upstream production branch release 470.161.03 (2022-11-22).
     * Fixed CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
       CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
       CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258,
       CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262,
       CVE-2022-42263, CVE-2022-42264.  (Closes: #1025285)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5415
     - Fixed a bug that caused the Xorg server to crash if an NvFBC capture
       session is started while video memory is full.
     * Improved compatibility with recent Linux kernels.
   * New upstream Tesla release (amd64 only) 470.141.10 (2022-10-19).
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Add missing #includes to fix kernel module build for ppc64el.
   * Rename the internally used ARCH variable which might clash on externally
     set values.
   * Use substitutions for ${nvidia-kernel} and friends (510.108.03-1).
   * Try to compile a kernel module at package build time (510.108.03-1).
Checksums-Sha1:
 92b0e15eb6547d40ca700aadc75d62a77c077b47 8156 
nvidia-graphics-drivers-tesla-470_470.161.03-1.dsc
 2bcb92a197cce6a51926c45f88f0ccda760dc907 272382526 
nvidia-graphics-drivers-tesla-470_470.161.03.orig-amd64.tar.gz
 0ff5d8a80a8df2828f15439daa8031f9f8d54fa6 184356759 
nvidia-graphics-drivers-tesla-470_470.161.03.orig-arm64.tar.gz
 6dce8fe053cfb6f5ae0d5c1c3df789378d09a271 67536258 
nvidia-graphics-drivers-tesla-470_470.161.03.orig-ppc64el.tar.gz
 0ac06ee3ee2922296484b18796591240f38201d0 141 
nvidia-graphics-drivers-tesla-470_470.161.03.orig.tar.gz
 5b25e7dce1ab3d808566461f0999c0a98e360e9f 210596 
nvidia-graphics-drivers-tesla-470_470.161.03-1.debian.tar.xz
 0165cf25dc56dc76df40c94f7f6d4e11f7de128a 7656 
nvidia-graphics-drivers-tesla-470_470.161.03-1_source.buildinfo
Checksums-Sha256:
 38ea056dd13f949679c3dc2cf7832396d46af44e049c1b375f76c5df0ce02ad9 8156 
nvidia-graphics-drivers-tesla-470_470.161.03-1.dsc
 76f2338e5f6827e6237e29f11bd6cf7350042e068b895d37101107485f609eed 272382526 
nvidia-graphics-drivers-tesla-470_470.161.03.orig-amd64.tar.gz
 e99d24fa054c44c659cd00e6cbf630ee9c9576da53254580f6b8c230302b1113 184356759 
nvidia-graphics-drivers-tesla-470_470.161.03.orig-arm64.tar.gz
 4f0388f56196e72f53fa8a7961d964fc52d5e6c78e49ca474089ac0e817016a2 67536258 
nvidia-graphics-drivers-tesla-470_470.161.03.orig-ppc64el.tar.gz
 e9097c9c87d7a849db8a995f092ff13cb0c9ac833c60d612001dd2695edb6131 141 
nvidia-graphics-drivers-tesla-470_470.161.03.orig.tar.gz
 1b42aebba736f1536e6403cc0926c5b7df7cf49b736ec7b0ebcc0a2174efdbdb 210596 
nvidia-graphics-drivers-tesla-470_470.161.03-1.debian.tar.xz
 bc7155c23ebb6d8f8cd5e5a91e5715153cf75882485a502169180d4953e4702a 7656 
nvidia-graphics-drivers-tesla-470_470.161.03-1_source.buildinfo
Files:
 70e650420b552117943f9b10e8728490 8156 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.161.03-1.dsc
 5a37fb22665d7ed79b9ab67da07fb469 272382526 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.161.03.orig-amd64.tar.gz
 b10a691a11949b935a362224555a2f89 184356759 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.161.03.orig-arm64.tar.gz
 7d008a20a05e3842cad75c16b46a82a9 67536258 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.161.03.orig-ppc64el.tar.gz
 bea0852da52749a0f97443f402188c40 141 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.161.03.orig.tar.gz
 70e8694c6ea9a3452d9b669f76cffe06 210596 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.161.03-1.debian.tar.xz
 f2f8328fd7f892acf2d27c495b367a57 7656 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.161.03-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmOR86QQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCA0RD/9c3wrbu49GmCWIoJmzvVZP8xvh/vdeRpWI
ndlOuHHWK+QpvRyMG/No9e2+R24jwRE8Rt1PUmTuwDFkfCx5dBPyKPwW8FfL5vGt
dVSOB18flim4DWVBOLkNCfFZ2MBAMqo38T+tLDOCigtGF173WynQyTqktbY5C3gJ
whK/qR1jdOgewS2RQbV9fwLcubuuBoRSCVbnlODnux/IplOs+fZ2aIOBKJFg3j4l
MRbQWoe6S8fXYK9uE2mXMGGXJAoknl8y3dD8WaURa6QNvku1N8Ddmkq0pjRcsNhP
G3AQKZy4eOTr+3qaJfmGAXf1QSEBhyx50B/PuUFrQffoZw4ZnmwBDXsfwbh7aCSY
WbQkozH7JBBJIik7j+idxkfevwekSBMGdbJJ33bNVUHxvtq921kioH2f/TQTYovG
r3VPcK7W21uie3qm1JwSeLkek630+2sr2HYY9UjW8eeN1T24X8w31wjtxLu0KuC5
356DSUeNtSM0Wmyyd1xbWaz1O9s8y/SajM/4aIEHR33dD5RbpxIOiefIO1lCrFbW
OlPjujeNe+C0+z1a82GzpCIJMzIPXdX04htGJlC3vkM6buH8Nm3DZz2A5khwO0e6
tcHz3P6rAguCeUDSMsM/JzMA1GBInaOTeslcbSrP8Sl3SdxTBdI0Qr9CKkMJWB9G
aYQykIN4LQ==
=S9Up
-----END PGP SIGNATURE-----

--- End Message ---