Your message dated Tue, 5 Jun 2018 02:58:02 +0200
with message-id <855db99e-87b6-7bf8-1187-78e84b639...@debian.org>
and subject line wheezy-lts is EoL
has caused the Debian Bug report #772973,
regarding src:nvidia-graphics-drivers*: CVE-2014-8298: GLX-INDIRECT (Including
CVE-2014-8093, CVE-2014-8098)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
772973: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772973
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nvidia-graphics-drivers
Severity: critical
Tags: security
This is the NVIDIA-specific part of
DSA-3095-1 xorg-server -- security update
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8298
The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before
R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x
before R346.22, Lixux for Tegra (L4T) driver before R21.2, and Chrome OS
driver before R40 allows remote attackers to cause a denial of service
(segmentation fault and X server crash) or possibly execute arbitrary
code via a crafted GLX indirect rendering protocol request.
http://lists.x.org/archives/xorg-announce/2014-December/002500.html
http://nvidia.custhelp.com/app/answers/detail/a_id/3610
Release series fixed in version
-------------- ----------------
Releases prior to 304 Has reached 'end of life' and no longer
supported.
304.* 304.125 available as of 12/9
319.* no longer supported
331.* 331.113 available as of 12/9
340.* 340.65 available as of 12/9
343.* 343.36 available as of 12/9
346.* 346.22 Beta available as of 12/9
All NVIDIA drivers (in non-free) are affected:
not fixable (no new upstream release will be provided):
nvidia-graphics-drivers-legacy-96xx | 96.43.18-2 | squeeze/non-free
| source
nvidia-graphics-drivers-legacy-96xx | 96.43.23-3 | wheezy/non-free
| source
nvidia-graphics-drivers-legacy-96xx | 96.43.23-7~bpo70+1 |
wheezy-backports/non-free | source
nvidia-graphics-drivers-legacy-173xx | 173.14.27-2 | squeeze/non-free
| source
nvidia-graphics-drivers-legacy-173xx | 173.14.35-1~bpo60+2 |
squeeze-backports/non-free | source
nvidia-graphics-drivers-legacy-173xx | 173.14.35-4 | wheezy/non-free
| source
nvidia-graphics-drivers-legacy-173xx | 173.14.39-2~bpo70+1 |
wheezy-backports/non-free | source
nvidia-graphics-drivers | 195.36.31-6squeeze2 | squeeze/non-free
| source
nvidia-graphics-drivers | 295.59-1~bpo60+2 |
squeeze-backports/non-free | source
uploads planned (new upstream release required):
nvidia-graphics-drivers | 304.117-1 | wheezy/non-free
| source
nvidia-graphics-drivers-legacy-304xx | 304.123-4~bpo70+1 |
wheezy-backports/non-free | source
nvidia-graphics-drivers-legacy-304xx | 304.123-4 | jessie/non-free
| source
nvidia-graphics-drivers-legacy-304xx | 304.123-4 | sid/non-free
| source
nvidia-graphics-drivers | 319.82-1~bpo70+2 |
wheezy-backports/non-free | source
nvidia-graphics-drivers | 340.46-6 | jessie/non-free
| source
nvidia-graphics-drivers | 340.58-1 | sid/non-free
| source
nvidia-graphics-drivers | 343.22-2 |
experimental/non-free | source
I expect wheezy (only nvidia-graphics-drivers can be fixed there)
shall be fixed via wheezy-proposed-updates, no DSA, as in the previous ones?
Andreas
--- End Message ---
--- Begin Message ---
wheezy(-lts) is now EoL and this legacy driver is not present in any
newer releases.
Andreas
--- End Message ---
