Bug#1025279: marked as done (nvidia-graphics-drivers: CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264)

[Debian Bug Tracking System]

Your message dated Sun, 05 Feb 2023 13:36:23 +0000
with message-id <e1pofbv-00bhxb...@fasolo.debian.org>
and subject line Bug#1025279: fixed in nvidia-graphics-drivers 525.60.13-1
has caused the Debian Bug report #1025279,
regarding nvidia-graphics-drivers: CVE-2022-34670, CVE-2022-34674, 
CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, 
CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1025279: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025279
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: reassign -9 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -9 nvidia-graphics-drivers-tesla: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5415

CVE-2022-34670  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause truncation errors when casting a primitive to a
primitive of smaller size causes data to be lost in the conversion,
which may lead to denial of service or information disclosure.

CVE-2022-42263  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an Integer
overflow may lead to denial of service or information disclosure.

CVE-2022-34676  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an out-of-bounds
read may lead to denial of service, information disclosure, or data
tampering.

CVE-2022-42264  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause the use of an out-of-range pointer offset, which may lead
to data tampering, data loss, information disclosure, or denial of
service.

CVE-2022-34674  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where a helper function
maps more physical pages than were requested, which may lead to
undefined behavior or an information leak.

CVE-2022-34678  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged user can
cause a null-pointer dereference, which may lead to denial of service.

CVE-2022-34679  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unhandled
return value can lead to a null-pointer dereference, which may lead to
denial of service.

CVE-2022-34680  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an integer
truncation can lead to an out-of-bounds read, which may lead to denial
of service.

CVE-2022-34677  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause an integer to be truncated, which may lead to
denial of service or data tampering.

CVE-2022-34682  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause a null-pointer dereference, which may lead to denial of
service.

CVE-2022-42257  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure, data tampering or denial of
service.

CVE-2022-42265  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure or data tampering.

CVE-2022-34684  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one
error may lead to data tampering or information disclosure.

CVE-2022-42254  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, data
tampering, or information disclosure.

CVE-2022-42258  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service, data tampering, or information
disclosure.

CVE-2022-42255  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42256  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow in index validation may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-34673  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42259  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service.


Linux Driver Branch     CVE IDs Addressed
R515    CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34675,
        CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682,
        CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256,
        CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42263,
        CVE-2022-42264, CVE-2022-42265
R510    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684,
        CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257,
        CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261,
        CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
R470    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258,
        CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262,
        CVE-2022-42263, CVE-2022-42264
R450    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259,
        CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263,
        CVE-2022-42264
R390    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34680, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259


Andreas

--- End Message ---

--- Begin Message ---

Source: nvidia-graphics-drivers
Source-Version: 525.60.13-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1025...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 05 Feb 2023 14:07:07 +0100
Source: nvidia-graphics-drivers
Architecture: source
Version: 525.60.13-1
Distribution: experimental
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1025279 1025883
Changes:
 nvidia-graphics-drivers (525.60.13-1) experimental; urgency=medium
 .
   * New upstream production branch release 525.60.13 (2022-12-05).
   * New upstream production branch release 525.60.11 (2022-11-28).
     (Closes: #1025883)
     * Fixed CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34675,
       CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682,
       CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256,
       CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42263,
       CVE-2022-42264, CVE-2022-42265.  (Closes: #1025279)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5415
     - Improved the performance of PRIME render-offloaded applications.
     - Fixed a bug which caused suspend to fail on systems running GNOME 3
       as a Wayland compositor with NVreg_PreserveVideoMemoryAllocations
       enabled.
 .
   [ Andreas Beckmann ]
   * Update nv-readme.ids.
Checksums-Sha1:
 c4b123ca9b5ee4ed16fbc14a9e075bec8a49ec51 6935 
nvidia-graphics-drivers_525.60.13-1.dsc
 cb90286fd5e106fbac0a3de421fb3f165860de00 413341726 
nvidia-graphics-drivers_525.60.13.orig-amd64.tar.gz
 84ff39b2d9961f05c2d3a0cb69348510599e80e7 262293047 
nvidia-graphics-drivers_525.60.13.orig-arm64.tar.gz
 df70a9b209dcab56c56684175e105f12e7e85dc4 138 
nvidia-graphics-drivers_525.60.13.orig.tar.gz
 63fa5f5d99fe8956a46afd81a0fc889fa1aca016 216316 
nvidia-graphics-drivers_525.60.13-1.debian.tar.xz
 6980e75ef6c83e29a151718b483fbf99ae279618 5594 
nvidia-graphics-drivers_525.60.13-1_source.buildinfo
Checksums-Sha256:
 1d9d289ebe7afb669a002f2c8f07c11f47538b63da22c2a1a380f1e2361b8697 6935 
nvidia-graphics-drivers_525.60.13-1.dsc
 f0c842c69d5075568413159ceb5d645a22a0584dcca05cd94681006b6273affe 413341726 
nvidia-graphics-drivers_525.60.13.orig-amd64.tar.gz
 c1289e96f4e13a24dad67bfb881dd8c08086c52c5ed0b3581c8a880655d5f957 262293047 
nvidia-graphics-drivers_525.60.13.orig-arm64.tar.gz
 4c9e814fd3789e7817be3bf443bc659ee344fceb779fc195dd65df4d3e16b6d4 138 
nvidia-graphics-drivers_525.60.13.orig.tar.gz
 5e42d772055a8e7a6af34eb697a0379c1c4195dac2c7fcf6804b7f14d645f1b9 216316 
nvidia-graphics-drivers_525.60.13-1.debian.tar.xz
 fd169e7b0a2f8c70b62d7268868f92145ffd155118218de020c97383a0b1509a 5594 
nvidia-graphics-drivers_525.60.13-1_source.buildinfo
Files:
 d06abd4183a2b2046a75371a78500eed 6935 non-free/libs optional 
nvidia-graphics-drivers_525.60.13-1.dsc
 d52dcaef9f811ac7f52764c93425f64f 413341726 non-free/libs optional 
nvidia-graphics-drivers_525.60.13.orig-amd64.tar.gz
 7af1a36c421e5bdb0caadcaadf73412e 262293047 non-free/libs optional 
nvidia-graphics-drivers_525.60.13.orig-arm64.tar.gz
 28ab896b8e56044a60c0ff027e764d08 138 non-free/libs optional 
nvidia-graphics-drivers_525.60.13.orig.tar.gz
 9abeb27a4ad3a1a785344a11a6682ac8 216316 non-free/libs optional 
nvidia-graphics-drivers_525.60.13-1.debian.tar.xz
 77efca88a46ff857cd930f6cb0dd1822 5594 non-free/libs optional 
nvidia-graphics-drivers_525.60.13-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmPfqxMQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCBUCD/46OIa6zES4c24oYBTpoE1DqUBeG8Sfv2JX
om1f45ufoILr9t7J6jaJJ+xYlr6+zi/bpx4fTDuQ8PMjVj4+QaceJG1vgNZ0sW5W
kJcixhECrTKUYbWUTr4A5WbFdUif5+e8FmX6mB05fTILJZA2MO0riVK162nm5kJb
IXuf9hrTaAn4d0eGekQDhRLJf8vl8BUXlRXg+NFtmTAjqymoawJADHF8nLfoiv6p
LWfdlXDyv+GLqpneTQPV8At6iju/qDVM0Sk7752D7/Ozgar8wayInBvdfNmrBr8w
kW1ehHPR+8B7JH1O/oDzyBAqGbjqBJ69x2FhmYqBm4ehEW99ypz9C6cfCjPDyjSd
rMNIAkyUmRNfpnFwCokQndxM47iYlGMxbulh4hdka+Pua/BjpipPzC4j4/18zXVf
CxZfBTtWIimYdud/kh6iFtXJxySjvJTbCQTjWVnaeUrhi7gwSwtj9evGbmemsJKU
SLzhgNPTgEE4LIBKTeczxjK2c0QX/u4J95WPMV0wblqR5gz3rxvp/lQ4pE0uQRJt
B8dTt40+OL2pbgOgNDKNrLJNovVoJVyA1j9a/9c9F0HbAoELE4RNwQPgyvU4Za2k
ZAY67VbroBGlQ2gDB/FQcGHCMTfBqxEso65UfVVrHuPyZLrLiDvh1VmNd6D/uuQ2
Eo9GvwuxPQ==
=bdt7
-----END PGP SIGNATURE-----

--- End Message ---