Your message dated Thu, 05 Nov 2015 16:47:07 +0000 with message-id <e1zungp-0004zy...@franck.debian.org> and subject line Bug#800567: fixed in nvidia-graphics-drivers-legacy-304xx 304.128-1 has caused the Debian Bug report #800567, regarding nvidia-graphics-drivers: CVE-2015-5950 Memory corruption due to an unsanitized pointer in the NVIDIA display driver to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 800567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800567 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nvidia-graphics-drivers Version: 304.22-1 Severity: serious Tags: security https://nvidia.custhelp.com/app/answers/detail/a_id/3763 A vulnerability has been found in the NVIDIA driver that could be used to allow a local, non-privileged user to corrupt kernel memory. This could be used to gain local root privileges. A local user can issue a specially crafted IOCTL to write a 32-bit integer value stored in the kernel driver to a user-specified memory location, potentially in the kernel address space. The user has a limited ability to influence the value of the integer that is written. Exploit Scope and Risk: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android-based NVIDIA Tegra products. Branch 1st version including the fix R304 304.128 R340 340.93 R352 352.41 Andreas
--- End Message ---
--- Begin Message ---Source: nvidia-graphics-drivers-legacy-304xx Source-Version: 304.128-1 We believe that the bug you reported is fixed in the latest version of nvidia-graphics-drivers-legacy-304xx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 800...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers-legacy-304xx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 01 Nov 2015 19:04:36 +0100 Source: nvidia-graphics-drivers-legacy-304xx Binary: nvidia-legacy-304xx-driver xserver-xorg-video-nvidia-legacy-304xx libgl1-nvidia-legacy-304xx-glx libgl1-nvidia-legacy-304xx-glx-i386 nvidia-legacy-304xx-alternative nvidia-legacy-304xx-kernel-dkms nvidia-legacy-304xx-kernel-source Architecture: source Version: 304.128-1 Distribution: jessie Urgency: medium Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org> Changed-By: Andreas Beckmann <a...@debian.org> Description: libgl1-nvidia-legacy-304xx-glx - NVIDIA binary OpenGL libraries${nvidia:LegacyDesc} libgl1-nvidia-legacy-304xx-glx-i386 - NVIDIA binary OpenGL 32-bit libraries${nvidia:LegacyDesc} nvidia-legacy-304xx-alternative - allows the selection of NVIDIA as GLX provider nvidia-legacy-304xx-driver - NVIDIA metapackage${nvidia:LegacyDesc} nvidia-legacy-304xx-kernel-dkms - NVIDIA binary kernel module DKMS source${nvidia:LegacyDesc} nvidia-legacy-304xx-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc} xserver-xorg-video-nvidia-legacy-304xx - NVIDIA binary Xorg driver${nvidia:LegacyDesc} Closes: 800567 Changes: nvidia-graphics-drivers-legacy-304xx (304.128-1) jessie; urgency=medium . * New upstream legacy 304xx branch release 304.128 (2015-08-31). * Fixed CVE-2015-5950: Memory corruption due to an unsanitized pointer. (Closes: #800567) * Improved compatibility with recent Linux kernels. * Removed f_path.dentry.patch, fixed upstream. * Removed fixes-for-kernel-4.0.0.patch, fixed upstream. * Synchronize packaging with nvidia-graphics-drivers 340.93-0+deb8u1: * Synchronize packaging with nvidia-graphics-drivers 340.76-4: - README.source: Document setup for testing module compilation. * Synchronize packaging with nvidia-graphics-drivers 340.76-3: - Add Luca Boccassi to Uploaders. - nvidia-legacy-304xx-driver, nvidia-legacy-304xx-kernel-*: Report the latest tested Linux version that can build the kernel module in the package description. * Synchronize packaging with nvidia-graphics-drivers 340.76-1: nvidia-legacy-304xx-kernel-source: Use reproducible timestamps and file order inside /usr/src/nvidia-legacy-304xx-kernel.tar.xz. * Synchronize packaging with nvidia-graphics-drivers 304.128-1: - libgl1-nvidia-legacy-304xx-glx: Add Provides+Conflicts: libgl1-nvidia-glx-${nvidia:Version} to forbid co-installation of libgl1-nvidia-glx from the same upstream version due to file conflicts on versioned files that are not handled via alternatives. - bug-script: Synchronize with nvidia-graphics-drivers 340.93-4. * conftest.h: - Implement new conftest.sh functions file_inode, drm_pci_set_busid (340.76). - Implement check for linux/log2.h (346.16). - Implement check for xen/ioemu.h (346.59). - Implement new conftest.sh functions write_cr4, xen_ioemu_inject_msi (346.59), list_cut_position (349.12). - Implement new conftest.sh functions backing_dev_info (346.82), phys_to_dma, dma_ops, get_dma_ops, noncoherent_swiotlb_dma_ops (352.09). - Implement new conftest.sh function dma_map_ops (352.30). - Reorder conftest.h to match conftest.sh. - Implement new conftest.sh function nvidia_grid_build (352.41). * Update lintian overrides. * Upload to jessie. Checksums-Sha1: 8aa4db27a64ed08be4d2f58fe055a76be75bbc41 3096 nvidia-graphics-drivers-legacy-304xx_304.128-1.dsc dfdb745a26e275d1b9b77293641516e9791b3e46 106361560 nvidia-graphics-drivers-legacy-304xx_304.128.orig.tar.gz e2b18e48f0c4057793835fa98f3bed2586de04f1 84196 nvidia-graphics-drivers-legacy-304xx_304.128-1.debian.tar.xz Checksums-Sha256: 74fdaa1e6d63f40e542e60482e766c304f3cde5d099fa749f7d262dc5ba37535 3096 nvidia-graphics-drivers-legacy-304xx_304.128-1.dsc 0434c4ad289e6e66055c0d3e447a4c31643d872e060306e7dfa38a2262c02b8b 106361560 nvidia-graphics-drivers-legacy-304xx_304.128.orig.tar.gz 629259f259d4e8d3b4bc04b76d722421e72631367ea19acc7e4e859e6a51487c 84196 nvidia-graphics-drivers-legacy-304xx_304.128-1.debian.tar.xz Files: 0355422b1b586d4cbeca5771a3aad505 3096 non-free/libs optional nvidia-graphics-drivers-legacy-304xx_304.128-1.dsc eb948ee35cce1d4586e6d5094e4c83d9 106361560 non-free/libs optional nvidia-graphics-drivers-legacy-304xx_304.128.orig.tar.gz b16922ed3e3a8ba33000ce08f4aab270 84196 non-free/libs optional nvidia-graphics-drivers-legacy-304xx_304.128-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWNlYTAAoJEF+zP5NZ6e0IbuEQAImoghSRLWXGF95VFN8Z6qXJ 0Q/w/4WXA7rBloqMBpjY+IvoUGtdt/v++JsmlwMW7CIugQqZ1Vwhh0R3E20hxqpx /gwcuhGbpVYu66ZPDArO5YmzM/vBajcXZXpFIl9k5nTlIfmmDs6fIDhNu3lRmFpo SKRtCHTGYlrkASsAcW0YByEckaK0Z4W1YeMcRCqMS8hAWUa86HAoborcunho70XO CObAZAHDAl08N0wXzr3JxQc5QpS2JwLeM8+xMzumrjUjr7xHLZGkseq3nAsdeq0x l21n295/AwNdKLp2iLM+auF1QyaXZUi/4mM3L3jADbs7vjZdk5COuCe/6hudhX/2 J2KWesSlkhYYIEl7G4qN5vsZpmEt5rZBvAzmW36/znMAWzsGK2ZNIgfYL+VukYez CXjfPmljb4lYPHojX5Ww9bU9V0y0sB5gZzzA9WcJTdT7mauJrgvp0Oa6/kj0Ffjh 3a+0icEckTqKy4XCH9+TExNuglcIRP2f3+T/f2v51qqGlBGmDL+H0Sfn7ruSbvwh 5qkZJ4gSXwStj+MtNcTF6s2GVceBjbA/j0y8wFEEcn8142IcCtV9J7LcXxI30nyF ezzbEQJu8JeSEKEEh4qVI+k7/XHmVDRZQSMHKuvgePaxLn3NfdC2GdV+KC0La+c0 iMnoC6u3SRggWI5e1i4Z =kiYL -----END PGP SIGNATURE-----
--- End Message ---
