Your message dated Sat, 17 Oct 2015 01:33:47 +0000 with message-id <e1zngnx-0003ke...@franck.debian.org> and subject line Bug#800567: fixed in nvidia-graphics-drivers-legacy-304xx 304.128-5 has caused the Debian Bug report #800567, regarding nvidia-graphics-drivers: CVE-2015-5950 Memory corruption due to an unsanitized pointer in the NVIDIA display driver to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 800567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800567 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nvidia-graphics-drivers Version: 304.22-1 Severity: serious Tags: security https://nvidia.custhelp.com/app/answers/detail/a_id/3763 A vulnerability has been found in the NVIDIA driver that could be used to allow a local, non-privileged user to corrupt kernel memory. This could be used to gain local root privileges. A local user can issue a specially crafted IOCTL to write a 32-bit integer value stored in the kernel driver to a user-specified memory location, potentially in the kernel address space. The user has a limited ability to influence the value of the integer that is written. Exploit Scope and Risk: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android-based NVIDIA Tegra products. Branch 1st version including the fix R304 304.128 R340 340.93 R352 352.41 Andreas
--- End Message ---
--- Begin Message ---Source: nvidia-graphics-drivers-legacy-304xx Source-Version: 304.128-5 We believe that the bug you reported is fixed in the latest version of nvidia-graphics-drivers-legacy-304xx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 800...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers-legacy-304xx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 17 Oct 2015 03:07:13 +0200 Source: nvidia-graphics-drivers-legacy-304xx Binary: nvidia-legacy-304xx-driver xserver-xorg-video-nvidia-legacy-304xx libgl1-nvidia-legacy-304xx-glx libgl1-nvidia-legacy-304xx-glx-i386 nvidia-legacy-304xx-alternative nvidia-legacy-304xx-kernel-dkms nvidia-legacy-304xx-kernel-source Architecture: source Version: 304.128-5 Distribution: unstable Urgency: medium Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org> Changed-By: Andreas Beckmann <a...@debian.org> Description: libgl1-nvidia-legacy-304xx-glx - NVIDIA binary OpenGL libraries${nvidia:LegacyDesc} libgl1-nvidia-legacy-304xx-glx-i386 - NVIDIA binary OpenGL 32-bit libraries${nvidia:LegacyDesc} nvidia-legacy-304xx-alternative - allows the selection of NVIDIA as GLX provider nvidia-legacy-304xx-driver - NVIDIA metapackage${nvidia:LegacyDesc} nvidia-legacy-304xx-kernel-dkms - NVIDIA binary kernel module DKMS source${nvidia:LegacyDesc} nvidia-legacy-304xx-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc} xserver-xorg-video-nvidia-legacy-304xx - NVIDIA binary Xorg driver${nvidia:LegacyDesc} Closes: 800567 Changes: nvidia-graphics-drivers-legacy-304xx (304.128-5) unstable; urgency=medium . * Upload to unstable. . nvidia-graphics-drivers-legacy-304xx (304.128-1) UNRELEASED; urgency=medium . * New upstream legacy 304xx branch release 304.128 (2015-08-31). * Fixed CVE-2015-5950: Memory corruption due to an unsanitized pointer. (Closes: #800567) * Improved compatibility with recent Linux kernels. * Removed f_path.dentry.patch, fixed upstream. * Removed fixes-for-kernel-4.0.0.patch, fixed upstream. * Synchronize packaging with nvidia-graphics-drivers 340.93-0+deb8u1: * Synchronize packaging with nvidia-graphics-drivers 340.76-4: - Add ignore_xen_on_arm.patch needed for dkms build on armhf: armmp kernel headers ship with CONFIG_XEN enabled, which breaks the build, so since running this driver on XEN is currently not supported, ignore the check for XEN in nv-linux.h as a workaround on arm, and also disable CONFIG_XEN and CONFIG_XEN_DOM0 if building on <= 3.16. - README.source: Document setup for testing module compilation. * Synchronize packaging with nvidia-graphics-drivers 340.76-3: - Add Luca Boccassi to Uploaders. - nvidia-legacy-304xx-driver, nvidia-legacy-304xx-kernel-*: Report the latest tested Linux version that can build the kernel module in the package description. * Synchronize packaging with nvidia-graphics-drivers 340.76-1: nvidia-legacy-304xx-kernel-source: Use reproducible timestamps and file order inside /usr/src/nvidia-legacy-304xx-kernel.tar.xz. * Synchronize packaging with nvidia-graphics-drivers 304.128-1: - libgl1-nvidia-legacy-304xx-glx: Add Provides+Conflicts: libgl1-nvidia-glx-${nvidia:Version} to forbid co-installation of libgl1-nvidia-glx from the same upstream version due to file conflicts on versioned files that are not handled via alternatives. - bug-script: Synchronize with nvidia-graphics-drivers 340.93-4. * conftest.h: - Implement new conftest.sh functions file_inode, drm_pci_set_busid (340.76). - Implement check for linux/log2.h (346.16). - Implement check for xen/ioemu.h (346.59). - Implement new conftest.sh functions write_cr4, xen_ioemu_inject_msi (346.59), list_cut_position (349.12). - Implement new conftest.sh functions backing_dev_info (346.82), phys_to_dma, dma_ops, get_dma_ops, noncoherent_swiotlb_dma_ops (352.09). - Implement new conftest.sh function dma_map_ops (352.30). - Reorder conftest.h to match conftest.sh. - Implement new conftest.sh function nvidia_grid_build (352.41). * Update lintian overrides. Checksums-Sha1: 308c8f9f1cf953e47578ce8400c853dadca450a8 3096 nvidia-graphics-drivers-legacy-304xx_304.128-5.dsc dfdb745a26e275d1b9b77293641516e9791b3e46 106361560 nvidia-graphics-drivers-legacy-304xx_304.128.orig.tar.gz 46eada815c1a2fc69976729530c462ae34f7eca7 84428 nvidia-graphics-drivers-legacy-304xx_304.128-5.debian.tar.xz Checksums-Sha256: 8eee15ce97f566dcee8ae8f7184fad1f3b58e6f58b5f11fbb57f84ac9f3b1db2 3096 nvidia-graphics-drivers-legacy-304xx_304.128-5.dsc 0434c4ad289e6e66055c0d3e447a4c31643d872e060306e7dfa38a2262c02b8b 106361560 nvidia-graphics-drivers-legacy-304xx_304.128.orig.tar.gz 321160954e4c0e69270fd9bb47769e724f4d2d62dcb697540ff82e1d40be25e2 84428 nvidia-graphics-drivers-legacy-304xx_304.128-5.debian.tar.xz Files: 017a50c54802624dfe5cc8bd6d3065fa 3096 non-free/libs optional nvidia-graphics-drivers-legacy-304xx_304.128-5.dsc eb948ee35cce1d4586e6d5094e4c83d9 106361560 non-free/libs optional nvidia-graphics-drivers-legacy-304xx_304.128.orig.tar.gz 4147bdac0e9d4a6de0a90c199e23dc7a 84428 non-free/libs optional nvidia-graphics-drivers-legacy-304xx_304.128-5.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWIaIOAAoJEF+zP5NZ6e0IqhMP/AnU0l06vcOnpcP8parVUu0v 5RCwa4jLdUJxCPzVmianTItEQpkf8LyAcIe1nufg3vMaddCrpfFKsXX2NzSdpz0q il87VhaHMfE/Apq7MTOkSKsVdeGfwWHkHf9WceE76MAx7/bSvhQe0uZDBgu8WbGl H5wz/kR6anKLNiUmj1i3TLPNKgWTHT5TDvj5v/FqWs4aKhdg324PtzxYi5O63kM3 0pdKaB/a8KfGEEnNcLMIGLczo6EYHFi0wAJsFFV6oX8Wgw4EUDqSCHoMq0YIrN99 T8HKYm6DJ8NkU9j9R/LEUYMVMIlm5sitp7vXXJoaxKKvSPl9mVPqnaUAXVPd9lvb EH/CrY0V9V7ck7m1jTt2XW6EscwYrmm1M1zOJO1hsA7tHQuA+/lfux/5fLJ49VmI pf82bvK01hQecoazP4kmnOkOX+n9X+anqfoW6xp2M1Y9fHNLTHHPcy5S+rI/5+cg nm1Uq5BCy5P9BeB7ZH2Pp6ffyBR7eAxYz/YsO9CHwP5P8bYgUPbNuOLqzO6ORcyx moy4BXPOrDCDtLb9kJRpdEgafEyYkwtAt3VnA+fOW/c1UjJHXKtf/9ZdSEgkJeM1 MYM/MdMPvAtjK3654xsq8x+6jlCh5UHhmIyIYWZpd00RN4Ss8CYApO18rRrEaEE5 vJqOIqHfBB0Xj1kNcqbA =fe5h -----END PGP SIGNATURE-----
--- End Message ---
