Your message dated Mon, 18 Jan 2016 12:35:06 +0000 with message-id <e1al91w-00025k...@franck.debian.org> and subject line Bug#800566: fixed in nvidia-graphics-drivers 346.96-1 has caused the Debian Bug report #800566, regarding nvidia-graphics-drivers: CVE-2015-5950 Memory corruption due to an unsanitized pointer in the NVIDIA display driver to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 800566: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800566 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nvidia-graphics-drivers Version: 304.22-1 Severity: serious Tags: security https://nvidia.custhelp.com/app/answers/detail/a_id/3763 A vulnerability has been found in the NVIDIA driver that could be used to allow a local, non-privileged user to corrupt kernel memory. This could be used to gain local root privileges. A local user can issue a specially crafted IOCTL to write a 32-bit integer value stored in the kernel driver to a user-specified memory location, potentially in the kernel address space. The user has a limited ability to influence the value of the integer that is written. Exploit Scope and Risk: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android-based NVIDIA Tegra products. Branch 1st version including the fix R304 304.128 R340 340.93 R352 352.41 Andreas
--- End Message ---
--- Begin Message ---Source: nvidia-graphics-drivers Source-Version: 346.96-1 We believe that the bug you reported is fixed in the latest version of nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 800...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 18 Jan 2016 12:50:19 +0100 Source: nvidia-graphics-drivers Binary: nvidia-driver nvidia-driver-bin xserver-xorg-video-nvidia libgl1-nvidia-glx libgl1-nvidia-glx-i386 libegl1-nvidia libgles1-nvidia libgles2-nvidia libnvidia-eglcore nvidia-alternative nvidia-kernel-support nvidia-kernel-dkms nvidia-kernel-source nvidia-vdpau-driver nvidia-smi nvidia-cuda-mps libcuda1 libcuda1-i386 libnvidia-compiler libnvcuvid1 libnvidia-encode1 libnvidia-ifr1 libnvidia-fbc1 libnvidia-ml1 nvidia-opencl-common nvidia-opencl-icd nvidia-libopencl1 nvidia-detect Architecture: source Version: 346.96-1 Distribution: unstable Urgency: low Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org> Changed-By: Andreas Beckmann <a...@debian.org> Description: libcuda1 - NVIDIA CUDA Driver Library libcuda1-i386 - NVIDIA CUDA 32-bit runtime library${nvidia:LegacyDesc} libegl1-nvidia - NVIDIA binary EGL libraries${nvidia:LegacyDesc} libgl1-nvidia-glx - NVIDIA binary OpenGL libraries${nvidia:LegacyDesc} libgl1-nvidia-glx-i386 - NVIDIA binary OpenGL 32-bit libraries${nvidia:LegacyDesc} libgles1-nvidia - NVIDIA binary OpenGL|ES 1.x libraries${nvidia:LegacyDesc} libgles2-nvidia - NVIDIA binary OpenGL|ES 2.x libraries${nvidia:LegacyDesc} libnvcuvid1 - NVIDIA CUDA Video Decoder runtime library libnvidia-compiler - NVIDIA runtime compiler library libnvidia-eglcore - NVIDIA binary EGL core libraries${nvidia:LegacyDesc} libnvidia-encode1 - NVENC Video Encoding runtime library libnvidia-fbc1 - NVIDIA OpenGL-based Framebuffer Capture runtime library libnvidia-ifr1 - NVIDIA OpenGL-based Inband Frame Readback runtime library libnvidia-ml1 - NVIDIA Management Library (NVML) runtime library nvidia-alternative - allows the selection of NVIDIA as GLX provider nvidia-cuda-mps - NVIDIA CUDA Multi Process Service (MPS) nvidia-detect - NVIDIA GPU detection utility nvidia-driver - NVIDIA metapackage${nvidia:LegacyDesc} nvidia-driver-bin - NVIDIA driver support binaries${nvidia:LegacyDesc} nvidia-kernel-dkms - NVIDIA binary kernel module DKMS source${nvidia:LegacyDesc} nvidia-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc} nvidia-kernel-support - NVIDIA binary kernel module support files${nvidia:LegacyDesc} nvidia-libopencl1 - NVIDIA OpenCL ICD Loader library nvidia-opencl-common - NVIDIA OpenCL driver nvidia-opencl-icd - NVIDIA OpenCL installable client driver (ICD) nvidia-smi - NVIDIA System Management Interface nvidia-vdpau-driver - Video Decode and Presentation API for Unix - NVIDIA driver xserver-xorg-video-nvidia - NVIDIA binary Xorg driver${nvidia:LegacyDesc} Closes: 800566 811349 Changes: nvidia-graphics-drivers (346.96-1) unstable; urgency=low . * New upstream release 346.96 (2015-09-01). (Closes: #811349) * Fixed CVE-2015-5950: Memory corruption due to an unsanitized pointer. (Closes: #800566) - Added support for the following GPU: Tesla K80. * New upstream release 346.87 (2015-07-21). - Added support for the following GPU: GeForce 910M. * New upstream release 346.82 (2015-06-23). - Added support for the following GPUs: Tesla K40t, GeForce 720A, GeForce 920A, GeForce 930A, GeForce 940A, GeForce GTX 950A, GeForce GTX 980 Ti. * Merge changes from 343.36-3. * Update nv-readme.ids. * UVM is no longer available on 32-bit architectures. * Use nvidia-drm-outputclass.conf as shipped by NVIDIA. * d/module/debian/rules: Explicitly copy Module.symvers from the nvidia.ko kernel module for use by the nvidia-uvm.ko module, since the dependencies in Kbuild seem not to work in all cases. * Add armhf specific symbols. * Upload to unstable. Checksums-Sha1: b1356e4d03bdc56d828e9e7dfd4877705611baf2 4529 nvidia-graphics-drivers_346.96-1.dsc 2823f90954820d71124c7acfa21de997807590cc 137155316 nvidia-graphics-drivers_346.96.orig.tar.gz 003f36d3064305b255df001533f7f0773517e607 135288 nvidia-graphics-drivers_346.96-1.debian.tar.xz Checksums-Sha256: 842e1d04723724cc662b3d7641b4040c0bb5125214839d6be64f2da6660745a4 4529 nvidia-graphics-drivers_346.96-1.dsc f2f8e91f7d885116a88aa732392ab58c49c09b2f3a3b8420ff1cb8cc2f1b4332 137155316 nvidia-graphics-drivers_346.96.orig.tar.gz bcf3324d7d1a31b799dfbd05847806c09f4773d58d64d99fec2fe1d0e0224689 135288 nvidia-graphics-drivers_346.96-1.debian.tar.xz Files: c48124ae1165337c3227076e6824534a 4529 non-free/libs optional nvidia-graphics-drivers_346.96-1.dsc 7ccbf78c086d7bace9fa8107ba685c83 137155316 non-free/libs optional nvidia-graphics-drivers_346.96.orig.tar.gz d66e95512a31ec0563598fc522d01000 135288 non-free/libs optional nvidia-graphics-drivers_346.96-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWnNjhAAoJEF+zP5NZ6e0Ib1UP/2U0cyKK/KmgWO+hjxZ61f7E yjACmeqeQjKoCahAUDE0Iod+59trVQVXq3b2Knh4nZU+zCbTiQoYG8fgAflovDhB +TgWBHpz9d/TkDVmq0vNBIgR98yEsaC2LK5ta+OkQ5+qYUPCTC/75dcM5WfHD4mE 73nyUC2/Ar/203x5XMUIr8OHdQUxTetDh4NP8fCnnQVQqCYXpPRPZ3sNgqVJQ7dD cniUJGIYxNeIBvdnlc/wma7sJa/fcirtXRD8HQgASv7WaDgp/K1FsLq4AcCTAVbI s1KW55fAjfhW1FjlZgHbqzrtEk/HwNrN6l60lsz0nbwKE+fqxZzEgijgBZ7Zimwf O/9QKMFmlVtFZDS2ATDitxYSJkoPzJxvdun+bTTasYuEEZdbnfAkPs8g4iG7lsse NYjBFwSruwrb94b4C4VAM6HwIntSxwQc34sbiMRODAdpLMld9SF+oWp6YU4A2WWd NlRYCS82eiQ25/RjB7HLe2Ch8WJJ7w6uRSHUs0guG4bYm0RRfgvnrEYyj4jSX2Pi q5qw6CMXMIN42YYEUPHSWncPFXINxQJw1lVIC+ThUtewjt5zk5jEB/DMflG2Bp/6 zVJHuudyc8tWmY9tgDN54Wbh1r7+giGmRn4n7BE1BvhE+3ZGuqMzqEVea0IzgKoR H2mFQm29phKTdclegLh3 =O4JZ -----END PGP SIGNATURE-----
--- End Message ---
