Your message dated Thu, 12 Nov 2020 22:45:51 +0000 with message-id <e1kdllj-000acs...@fasolo.debian.org> and subject line Bug#973543: fixed in nvidia-cuda-toolkit 11.1.1-1 has caused the Debian Bug report #973543, regarding nvidia-cuda-toolkit: CVE-2020-5991 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 973543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973543 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nvidia-cuda-toolkit Version: 10.2.89-5 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for nvidia-cuda-toolkit. I have no further details apart what is in [1], which seem to indicate Operating System Windows only. Do you find more information on that? If this is confirmed that it only affects nvidia-cuda-toolkit on windows then feel free to close the bug accordingly, otherwise probably an update to 11.1.1 in unstable would be good. CVE-2020-5991[0]: | NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a | vulnerability in the NVJPEG library in which an out-of-bounds read or | write operation may lead to code execution, denial of service, or | information disclosure. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-5991 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5991 [1] https://nvidia.custhelp.com/app/answers/detail/a_id/5094 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: nvidia-cuda-toolkit Source-Version: 11.1.1-1 Done: Andreas Beckmann <a...@debian.org> We believe that the bug you reported is fixed in the latest version of nvidia-cuda-toolkit, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 973...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-cuda-toolkit package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 12 Nov 2020 22:23:18 +0100 Source: nvidia-cuda-toolkit Architecture: source Version: 11.1.1-1 Distribution: experimental Urgency: medium Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org> Changed-By: Andreas Beckmann <a...@debian.org> Closes: 973543 Changes: nvidia-cuda-toolkit (11.1.1-1) experimental; urgency=medium . * New upstream release 11.1 Update 1 (Oct 2020). * Fixes CVE-2020-5991. (Closes: #973543) https://nvidia.custhelp.com/app/answers/detail/a_id/5094 * Refresh cuda-gdb 11.0.221 patch. * Add gcc-10 (default) and clang-10 as supported compiler alternatives. * Driver 450.80.02 is sufficient. * Conflict with Ubuntu .deb packages from NVIDIA that cause file conflicts. (LP: #1901239) * Update Lintian overrides. Checksums-Sha1: 53206a6a732fb6acaee609f884bd7390bd4a61a2 8593 nvidia-cuda-toolkit_11.1.1-1.dsc 37bc275b9e90677842b063dce0c0997612d1dec4 2072773124 nvidia-cuda-toolkit_11.1.1.orig-amd64.tar.xz 72effe5a885fed9ae687d66d3e954ff90725a883 1553411136 nvidia-cuda-toolkit_11.1.1.orig-arm64.tar.xz 6d6297443641be20c955f4115b1060cc581bb9d1 27471664 nvidia-cuda-toolkit_11.1.1.orig-openjdk-8-jre-amd64-8u252-b09-1-d9u1.tar.xz 4f2f7309a8d1e4fa36041a6d52b23e2f1f20d3bb 26562820 nvidia-cuda-toolkit_11.1.1.orig-openjdk-8-jre-ppc64el-8u252-b09-1-d9u1.tar.xz 06f732cee1b4492cd3e93c5f81d990f2743d746f 71935984 nvidia-cuda-toolkit_11.1.1.orig-openjdk-8-source-8u252-b09-1-d9u1.tar.xz 3c64eb8c77b6af80234ba9d9a84b17f0e0885109 1781448612 nvidia-cuda-toolkit_11.1.1.orig-ppc64el.tar.xz 90b2547b6b2267e7134a1fc44a685772d91bb337 192 nvidia-cuda-toolkit_11.1.1.orig.tar.xz 871e693b1028194b387f791ebba9c9884a3538df 3642184 nvidia-cuda-toolkit_11.1.1-1.debian.tar.xz 5aba6651f5a6d2db046506c8f2021e8121517885 5859 nvidia-cuda-toolkit_11.1.1-1_source.buildinfo Checksums-Sha256: f8777ac2c414d04c174f597121110effe6a36bf9131da0900fd6f47e57ee4e47 8593 nvidia-cuda-toolkit_11.1.1-1.dsc bf947af85845cfe967593d03a61a8122ea6f3f853b189a3baca91256b8d4a1c8 2072773124 nvidia-cuda-toolkit_11.1.1.orig-amd64.tar.xz d46346280071a1d2d4059cc60bda5bec82a527861afb1e874a0f1262d8c01d55 1553411136 nvidia-cuda-toolkit_11.1.1.orig-arm64.tar.xz 82cafc3f6ea4929afc9d44b86a6122ba087e3650a6d9d952ba682792215f2cfb 27471664 nvidia-cuda-toolkit_11.1.1.orig-openjdk-8-jre-amd64-8u252-b09-1-d9u1.tar.xz 3de4435048ccf9f4fffff1b6c5484bcc83a494928763df0ed9f6f621665fb154 26562820 nvidia-cuda-toolkit_11.1.1.orig-openjdk-8-jre-ppc64el-8u252-b09-1-d9u1.tar.xz fbd5ba9df3fb9cb37e25d43308397f360ca44537f7317bb4231aa540d164a36e 71935984 nvidia-cuda-toolkit_11.1.1.orig-openjdk-8-source-8u252-b09-1-d9u1.tar.xz 03c08a594133f20da095f13d11c2b4fb4932d203460bf087495d09e38e937b49 1781448612 nvidia-cuda-toolkit_11.1.1.orig-ppc64el.tar.xz 648af8dc1732c07c07d2600f80eae0e3a13f8044ebe8a99c1fc281aa7b001e11 192 nvidia-cuda-toolkit_11.1.1.orig.tar.xz 7f08ac2694e6caad91da38a765c2d2c193a7e54630e5278229b031fb7f574ec0 3642184 nvidia-cuda-toolkit_11.1.1-1.debian.tar.xz 067441875639ae0b3a8d1573cd64b22fda8b0d8adab77c8c27ba62f0dfd6ed68 5859 nvidia-cuda-toolkit_11.1.1-1_source.buildinfo Files: 788cf5e1f28679f73fdb3283d44ac687 8593 non-free/libs optional nvidia-cuda-toolkit_11.1.1-1.dsc 5a0e13be742b6d6849f3df9e7a6f2821 2072773124 non-free/libs optional nvidia-cuda-toolkit_11.1.1.orig-amd64.tar.xz 893912bc55c446d8968a7bb66061297a 1553411136 non-free/libs optional nvidia-cuda-toolkit_11.1.1.orig-arm64.tar.xz 64f48a03f39174d5984b7eb242ed72b2 27471664 non-free/libs optional nvidia-cuda-toolkit_11.1.1.orig-openjdk-8-jre-amd64-8u252-b09-1-d9u1.tar.xz c9d1e055eff7fbe5ec26012982a297c9 26562820 non-free/libs optional nvidia-cuda-toolkit_11.1.1.orig-openjdk-8-jre-ppc64el-8u252-b09-1-d9u1.tar.xz c58672af0b0dea10c20554b28d4d204f 71935984 non-free/libs optional nvidia-cuda-toolkit_11.1.1.orig-openjdk-8-source-8u252-b09-1-d9u1.tar.xz deb5107c2815d8d01f522e9b634a9698 1781448612 non-free/libs optional nvidia-cuda-toolkit_11.1.1.orig-ppc64el.tar.xz 26e6976a146d1e41621e532235e856f9 192 non-free/libs optional nvidia-cuda-toolkit_11.1.1.orig.tar.xz 796392f170b5c369d9ce306ce65db35b 3642184 non-free/libs optional nvidia-cuda-toolkit_11.1.1-1.debian.tar.xz dfb5f351d29f6d75833d8d2754c3a28c 5859 non-free/libs optional nvidia-cuda-toolkit_11.1.1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAl+tsrcQHGFuYmVAZGVi aWFuLm9yZwAKCRBfsz+TWentCFPbD/0TwzotgKkhrOi3gHvl9Ylre1xYyIEiWgNo WY9inN/B3mqiuxdxxnIHHeGniupoG0B3Oz7jSpIIeHQhPYg990yaKgVwBp3WIPtQ kYiGZaDPl0HYGV4nY3kEbUpolKSmG9ldkpVcnP3tELA3VvmTZ+ywmCJF5ltmjr8k 9AvtHnG+4CAAt6HHDAhrEO2+GxXo2Fn/mu3hsw+XlA0OJyQnf3RTGQldg2bfcJgE JxFcVvNePaHIfXND1AgQa5WTSForcf8NFs4k0Q8LCMrsiOsuy5IDJikz/075UfQE Xt/eRw74MxZ4Ewz3c8vVm+XTDg06cM+g5WzxzoxPWJnDTrDwRjp2KGRnhHsyAmp7 BBRyYjj87cKb62INbK8BkvEcINI77kjUvPgbLPNJzonwrQnqGfrfqkErUraxtsqq +2s0fpRAH3XEWKpiNDDhx2SeuiGvgFx23eX5OBzIYZ1VuZFrKcQvgf39c4Lhlz6P d3z3aXRJBFoEl6IRAlPNr0Al3PpFGz57kWvkf9+Ly55qhv9NDzUwRCwMBWyct4j/ LyB4bfpthpodVwMCJSQbl3F8OO8P2+yz/Zt3oH4becq+sm15/D9tOKSM86goMkbu i9H0ogHH7X9scM9p5RUPgfLnbfazvFDyfunGRBxICMz5s9zab8b0y0EeWZ93nWBI sh6Ha1LHUg== =DUTV -----END PGP SIGNATURE-----
--- End Message ---
