Bug#1025279: marked as done (nvidia-graphics-drivers: CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264)

Debian Bug Tracking System Mon, 13 Feb 2023 06:45:18 -0800

Your message dated Mon, 13 Feb 2023 14:40:36 +0000
with message-id <e1pra0s-00ht9z...@fasolo.debian.org>
and subject line Bug#1025279: fixed in nvidia-open-gpu-kernel-modules 
525.85.12-1
has caused the Debian Bug report #1025279,
regarding nvidia-graphics-drivers: CVE-2022-34670, CVE-2022-34674, 
CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, 
CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1025279: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025279
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: reassign -9 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -9 nvidia-graphics-drivers-tesla: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5415

CVE-2022-34670  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause truncation errors when casting a primitive to a
primitive of smaller size causes data to be lost in the conversion,
which may lead to denial of service or information disclosure.

CVE-2022-42263  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an Integer
overflow may lead to denial of service or information disclosure.

CVE-2022-34676  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an out-of-bounds
read may lead to denial of service, information disclosure, or data
tampering.

CVE-2022-42264  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause the use of an out-of-range pointer offset, which may lead
to data tampering, data loss, information disclosure, or denial of
service.

CVE-2022-34674  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where a helper function
maps more physical pages than were requested, which may lead to
undefined behavior or an information leak.

CVE-2022-34678  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged user can
cause a null-pointer dereference, which may lead to denial of service.

CVE-2022-34679  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unhandled
return value can lead to a null-pointer dereference, which may lead to
denial of service.

CVE-2022-34680  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an integer
truncation can lead to an out-of-bounds read, which may lead to denial
of service.

CVE-2022-34677  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause an integer to be truncated, which may lead to
denial of service or data tampering.

CVE-2022-34682  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause a null-pointer dereference, which may lead to denial of
service.

CVE-2022-42257  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure, data tampering or denial of
service.

CVE-2022-42265  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure or data tampering.

CVE-2022-34684  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one
error may lead to data tampering or information disclosure.

CVE-2022-42254  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, data
tampering, or information disclosure.

CVE-2022-42258  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service, data tampering, or information
disclosure.

CVE-2022-42255  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42256  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow in index validation may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-34673  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42259  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service.


Linux Driver Branch     CVE IDs Addressed
R515    CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34675,
        CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682,
        CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256,
        CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42263,
        CVE-2022-42264, CVE-2022-42265
R510    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684,
        CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257,
        CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261,
        CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
R470    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258,
        CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262,
        CVE-2022-42263, CVE-2022-42264
R450    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259,
        CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263,
        CVE-2022-42264
R390    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34680, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259


Andreas

--- End Message ---

--- Begin Message ---

Source: nvidia-open-gpu-kernel-modules
Source-Version: 525.85.12-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-open-gpu-kernel-modules, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1025...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-open-gpu-kernel-modules package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 13 Feb 2023 14:41:31 +0100
Source: nvidia-open-gpu-kernel-modules
Architecture: source
Version: 525.85.12-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1025279
Changes:
 nvidia-open-gpu-kernel-modules (525.85.12-1) unstable; urgency=medium
 .
   * New upstream production branch release 525.85.12 (2023-01-30).
   * New upstream production branch release 525.85.05 (2023-01-19).
   * New upstream production branch release 525.78.01 (2023-01-05).
   * New upstream production branch release 525.60.13 (2022-12-05).
   * New upstream production branch release 525.60.11 (2022-11-28).
     * Fixed CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34675,
       CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682,
       CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256,
       CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42263,
       CVE-2022-42264, CVE-2022-42265.  (Closes: #1025279)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5415
   * New upstream beta 525.53 (2022-11-10).
   * Refresh patches.
   * Update Lintian overrides.
Checksums-Sha1:
 5e6d57a3b958ef8215623e9b855f72f9126e46bc 2719 
nvidia-open-gpu-kernel-modules_525.85.12-1.dsc
 f52b5161ef036420357e52eb07590d2ff0113577 6101028 
nvidia-open-gpu-kernel-modules_525.85.12.orig.tar.xz
 309429dbccb3ade96ce91204d6c7617d5f2bbec4 19292 
nvidia-open-gpu-kernel-modules_525.85.12-1.debian.tar.xz
 b35169f45a311ebb8d3baf12b72b7587f19c24b0 5626 
nvidia-open-gpu-kernel-modules_525.85.12-1_source.buildinfo
Checksums-Sha256:
 b0d954d2f3e516aeb0a70133a04a0a0dcb06afd0a7064b5f5f5f6fd3766a39b9 2719 
nvidia-open-gpu-kernel-modules_525.85.12-1.dsc
 87fa34644d99644b97c4eb6f16a06e576b6b25afd9efba87b4111eb4d995a193 6101028 
nvidia-open-gpu-kernel-modules_525.85.12.orig.tar.xz
 73e4bcc9a0edeb9cac2f5c284a2a29a4beed5b666b1147c019c82e486bb8d34b 19292 
nvidia-open-gpu-kernel-modules_525.85.12-1.debian.tar.xz
 fbf60b63436cb0913106b114209fc9bf0c468ee111518e7ffd9e81d22e8cc0cf 5626 
nvidia-open-gpu-kernel-modules_525.85.12-1_source.buildinfo
Files:
 e32af309c014e5916675a4cf170b9a44 2719 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_525.85.12-1.dsc
 943135eb5e0ce4601518b3cd6bfdd0d3 6101028 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_525.85.12.orig.tar.xz
 2fd70ffc9ddffca6d8da71449dce2622 19292 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_525.85.12-1.debian.tar.xz
 e3f338980ec5644e305a4ac538b99c4d 5626 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_525.85.12-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmPqPr8QHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCPngD/wKO22CicbnwLfH/lpErPxNFsemTfh6iRj3
swLTU/icuP2WTyb+Jwf6S0uPQokScPa+iCUIymPw7DsrwFtUNKH9sw+KlTUDK4xB
qhFLKDc+Ich9Rm4bfL03BbCObmOUQLM38kPFnqNfVpT47w68uf1M68Y52v39XEla
OSS58FZEgfvXaXa0l6Oda2oj23P55cYGII1Ue+77CsagAZHIQEkgcoY+GVbeV//y
Mf9uHCXeyl/RU7mUfmxvOsqJIBVFWchd0RvaP2qV8lRaJ/9uwGcAZfohysge+n0b
0RpWqFhCV/W8CR420eQjPHSioeTcrcaoPNBRfnxDSCgCki1g/yoMphnPAQKiU/Ll
MFtcshcEEg95zwaRSGwPqUOgg7EUZlACn+qev/A4LGTciRYioKVw+cE66GSvtwbo
UACotzu94+cxNWaL4PPMoPa+KCyCym83MBmpxl7HyXIQVEHbWxhFbsRtwE10krWO
PF0aqITmjfm/bD+0xgSAIiUhcAjUeNySvZsdqmmHaftxGG6VyP/o+6IdQAH/hrsw
632bHWFbGhlkpve1MVkDAbj3ck/VHS57dFd9egBZT5thp3CHmMWIgd/poX5rc56w
4DkLcInbldG9GYUICeg+ylExulH9fgAXOv0MkyvkRgDv4UYjRKRMS62lpE12aas5
h515rletyg==
=OKJC
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to