Bug#1025279: marked as done (nvidia-graphics-drivers: CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264)

[Debian Bug Tracking System]

Your message dated Sat, 10 Dec 2022 19:17:10 +0000
with message-id <e1p45ls-004rcf...@fasolo.debian.org>
and subject line Bug#1025279: fixed in nvidia-graphics-drivers 470.161.03-1
has caused the Debian Bug report #1025279,
regarding nvidia-graphics-drivers: CVE-2022-34670, CVE-2022-34674, 
CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, 
CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1025279: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025279
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: reassign -9 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -9 nvidia-graphics-drivers-tesla: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5415

CVE-2022-34670  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause truncation errors when casting a primitive to a
primitive of smaller size causes data to be lost in the conversion,
which may lead to denial of service or information disclosure.

CVE-2022-42263  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an Integer
overflow may lead to denial of service or information disclosure.

CVE-2022-34676  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an out-of-bounds
read may lead to denial of service, information disclosure, or data
tampering.

CVE-2022-42264  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause the use of an out-of-range pointer offset, which may lead
to data tampering, data loss, information disclosure, or denial of
service.

CVE-2022-34674  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where a helper function
maps more physical pages than were requested, which may lead to
undefined behavior or an information leak.

CVE-2022-34678  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged user can
cause a null-pointer dereference, which may lead to denial of service.

CVE-2022-34679  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unhandled
return value can lead to a null-pointer dereference, which may lead to
denial of service.

CVE-2022-34680  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an integer
truncation can lead to an out-of-bounds read, which may lead to denial
of service.

CVE-2022-34677  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause an integer to be truncated, which may lead to
denial of service or data tampering.

CVE-2022-34682  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause a null-pointer dereference, which may lead to denial of
service.

CVE-2022-42257  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure, data tampering or denial of
service.

CVE-2022-42265  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure or data tampering.

CVE-2022-34684  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one
error may lead to data tampering or information disclosure.

CVE-2022-42254  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, data
tampering, or information disclosure.

CVE-2022-42258  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service, data tampering, or information
disclosure.

CVE-2022-42255  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42256  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow in index validation may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-34673  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42259  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service.


Linux Driver Branch     CVE IDs Addressed
R515    CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34675,
        CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682,
        CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256,
        CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42263,
        CVE-2022-42264, CVE-2022-42265
R510    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684,
        CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257,
        CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261,
        CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
R470    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258,
        CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262,
        CVE-2022-42263, CVE-2022-42264
R450    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259,
        CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263,
        CVE-2022-42264
R390    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34680, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259


Andreas

--- End Message ---

--- Begin Message ---

Source: nvidia-graphics-drivers
Source-Version: 470.161.03-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1025...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 10 Dec 2022 00:52:57 +0100
Source: nvidia-graphics-drivers
Architecture: source
Version: 470.161.03-1
Distribution: bullseye
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1020697 1021974 1022738 1024852 1025279
Changes:
 nvidia-graphics-drivers (470.161.03-1) bullseye; urgency=medium
 .
   * New upstream production branch release 470.161.03 (2022-11-22).
     * Fixed CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
       CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
       CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258,
       CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262,
       CVE-2022-42263, CVE-2022-42264.  (Closes: #1025279)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5415
     - Fixed a bug that caused the Xorg server to crash if an NvFBC capture
       session is started while video memory is full.
     * Improved compatibility with recent Linux kernels.  (Closes: #1024852)
   * New upstream Tesla release (amd64 only) 470.141.10 (2022-10-19).
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Add missing #includes to fix kernel module build for ppc64el.
   * Rename the internally used ARCH variable which might clash on externally
     set values.
   * Use substitutions for ${nvidia-kernel} and friends (510.108.03-1).
   * Try to compile a kernel module at package build time (510.108.03-1).
   * Upload to bullseye.
 .
 nvidia-graphics-drivers (470.141.03-3) UNRELEASED; urgency=medium
 .
   * Backport get_task_ioprio changes from 510.85.02, acpi changes from
     510.85.02 and 515.65.01, drm_frambuffer.h changes from 515.76 to fix
     kernel module build for Linux 6.0.  (Closes: #1021974, #1022738)
 .
 nvidia-graphics-drivers (470.141.03-2) unstable; urgency=medium
 .
   * Add support for unversioned Tesla packages (tesla 510.85.02-1).
     (Closes: #1020697)
   * Switch *-source to a modern module-assistant based template.
   * Drop support for kernel-package and make-kpkg, gone since stretch.
Checksums-Sha1:
 e3ba005a0c02ae4af595460f3a1862ef99165afe 7202 
nvidia-graphics-drivers_470.161.03-1.dsc
 2bcb92a197cce6a51926c45f88f0ccda760dc907 272382526 
nvidia-graphics-drivers_470.161.03.orig-amd64.tar.gz
 0ff5d8a80a8df2828f15439daa8031f9f8d54fa6 184356759 
nvidia-graphics-drivers_470.161.03.orig-arm64.tar.gz
 0ac06ee3ee2922296484b18796591240f38201d0 141 
nvidia-graphics-drivers_470.161.03.orig.tar.gz
 ed192177e628ee4521400674482809389c23fe16 209156 
nvidia-graphics-drivers_470.161.03-1.debian.tar.xz
 3f56541fa7b005f8d639b88b13eed57a540efc09 8373 
nvidia-graphics-drivers_470.161.03-1_source.buildinfo
Checksums-Sha256:
 3f97fd9d5a4ad9b1baa69e4b8ad95e4a5828f633836960027788eb4fb4b488f5 7202 
nvidia-graphics-drivers_470.161.03-1.dsc
 76f2338e5f6827e6237e29f11bd6cf7350042e068b895d37101107485f609eed 272382526 
nvidia-graphics-drivers_470.161.03.orig-amd64.tar.gz
 e99d24fa054c44c659cd00e6cbf630ee9c9576da53254580f6b8c230302b1113 184356759 
nvidia-graphics-drivers_470.161.03.orig-arm64.tar.gz
 e9097c9c87d7a849db8a995f092ff13cb0c9ac833c60d612001dd2695edb6131 141 
nvidia-graphics-drivers_470.161.03.orig.tar.gz
 e4568aa5e9b6f54b3c8418807a992e85bdaec2f9b6797e727ba059875884b47d 209156 
nvidia-graphics-drivers_470.161.03-1.debian.tar.xz
 274a8d4b5c549653c7432e55f1c3bd3c2a18da87b7f790b9a2b2d3669adf9f0b 8373 
nvidia-graphics-drivers_470.161.03-1_source.buildinfo
Files:
 dea15b830367cd5ac25932c4146e5c94 7202 non-free/libs optional 
nvidia-graphics-drivers_470.161.03-1.dsc
 5a37fb22665d7ed79b9ab67da07fb469 272382526 non-free/libs optional 
nvidia-graphics-drivers_470.161.03.orig-amd64.tar.gz
 b10a691a11949b935a362224555a2f89 184356759 non-free/libs optional 
nvidia-graphics-drivers_470.161.03.orig-arm64.tar.gz
 bea0852da52749a0f97443f402188c40 141 non-free/libs optional 
nvidia-graphics-drivers_470.161.03.orig.tar.gz
 4b76da4f5c3fa15b5cddb5dd0743b3d1 209156 non-free/libs optional 
nvidia-graphics-drivers_470.161.03-1.debian.tar.xz
 851a266eb7592d3a230fce0f5e6ca362 8373 non-free/libs optional 
nvidia-graphics-drivers_470.161.03-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmOTzeIQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCOyED/4ovC3dUYQQr3P0OGVuvLyWre8ApmZzHJQ3
Tny9BuQfcZtV6RzA4PEoi+32sGGfzfqdqj6F9xya71HZq3bo7FLUA5V9WB4P85ZK
2/8HSibeAiFqUVhACklC2SrEcmfSek87p/EM0LbgYDDSJnH4JPdR7zrM1UKKhEaL
vjETsokHbC1386UidcUoMm1t4gqFVaIcxfuumU6P4d/abNlD2968S0XrUA/JBdE3
zWWOWOd2Y5emYpr+j8/HRAtXLFGuRkZJRHEw8Z6w6M4HHNFD5eefDyhomccaxeYs
l40JasqBBLewoR9IBkYlpoWxbK8NLT0wvPP7ovoM+DnR7TUSXos7cFN1/hLMx3nX
PsbonniIhM9o7Jx5zpQeIL1H1UVqLecow22G5+N7ONR8sCoo5nNMdRRH2CF5RqDS
TsiSkVrEIyl8bUiYhnVfk3qpbkjxjD+oR9cGXvZHT6KBfOz/lHvFNtkig8BlBMTl
ashlJUy6Ej0RDgDerlILQ0I+HA2O+g+2WhegyZ5tU3eYmPuI/Ns/+nFjXd0FG0ox
akRryQYA8Ncx55hz/By6PeEqURs8sSdkdjZ32jDZn8D6IxOIy93qzkLObjFdOXcR
7f/m7LRpz9TTZ1FrvNyJg3t2Vofsd8KBZBgVO7XsW4ZfokKp6HPnsyGUhWED+coV
yWRkWlORqw==
=StYF
-----END PGP SIGNATURE-----

--- End Message ---