From owner-freebsd-ports@FreeBSD.ORG  Fri Aug 10 14:35:35 2012
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 29535106566B
	for <freebsd-ports@freebsd.org>; Fri, 10 Aug 2012 14:35:35 +0000 (UTC)
	(envelope-from simon@qxnitro.org)
Received: from mail-yw0-f54.google.com (mail-yw0-f54.google.com
	[209.85.213.54])
	by mx1.freebsd.org (Postfix) with ESMTP id C687F8FC15
	for <freebsd-ports@freebsd.org>; Fri, 10 Aug 2012 14:35:34 +0000 (UTC)
Received: by yhfs35 with SMTP id s35so1940722yhf.13
	for <freebsd-ports@freebsd.org>; Fri, 10 Aug 2012 07:35:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qxnitro.org; s=google;
	h=mime-version:x-originating-ip:in-reply-to:references:date
	:message-id:subject:from:to:cc:content-type;
	bh=4OT29Xf9rX2B8UOxhqifPX7X2J4X5C2FCFNmKU3U3j0=;
	b=RWtooVIALcjzms/8nV4eavsMOcELKfbGS3BrwwB0vY5gM4qpdXy7hKOWSwXAOy/f9i
	493VXc7MdgAcCXRPxwf2rVqNExF3lxzLQARWf0rPGXetWsKHmKns7bvAxaOyP0xfYWP4
	wF2uA3ZQ8Jp5enNOZ7i4TgJqZSMtM9bC01g0Q=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=mime-version:x-originating-ip:in-reply-to:references:date
	:message-id:subject:from:to:cc:content-type:x-gm-message-state;
	bh=4OT29Xf9rX2B8UOxhqifPX7X2J4X5C2FCFNmKU3U3j0=;
	b=bRcHcmBBO8z/gj4/HYkkcbnf0YvXFKT0gfOr0TRxDGEv+hjVV7zaHR16qrRu0sGBgr
	TGbadIMqAKUGMZxzHonclaL1KFxNdWUKG6PdzsEhtSHys4EnEEL+8TSFfTS/3dDSoyh/
	JFFoLeKYTi1qAfbDrGYFMGk3SbYbhgFB1bEzxrOx0/brMOpf/WriM5bTMhQxdvblfI/4
	PrSzR5SDfIYg5+9U5un3AJz8TOD3Sidy+2zUW6um+87GyGCTMqi0sADYY54JBe/yazQp
	d4recUg80vncY3dSzLZtsdFMEMZLwolTls8JqWDNE2ntZr9Y3qgTRc3ey0id8x9H09TS
	xbVw==
MIME-Version: 1.0
Received: by 10.50.87.227 with SMTP id bb3mr1921449igb.57.1344609333649; Fri,
	10 Aug 2012 07:35:33 -0700 (PDT)
Received: by 10.64.44.200 with HTTP; Fri, 10 Aug 2012 07:35:33 -0700 (PDT)
X-Originating-IP: [2620:0:1040:201:41f4:8bea:6cbe:5f07]
In-Reply-To: <20120808123843.GA31238@atarininja.org>
References: <CAPjTQNHv9CiLYu-r3OHHZfF1HhHYL7yuiefjOD8BqZm8hi3o=Q@mail.gmail.com>
	<501F7A35.5080207@FreeBSD.org> <501FAF5E.6090101@gwdg.de>
	<20120808103406.GA56960@FreeBSD.org>
	<20120808123843.GA31238@atarininja.org>
Date: Fri, 10 Aug 2012 15:35:33 +0100
Message-ID: <CAC8HS2HKvDj0GsFToG0zOjTpF+h-Dx9C+woUhX97j2DyFpC9wg@mail.gmail.com>
From: "Simon L. B. Nielsen" <simon@qxnitro.org>
To: Wesley Shields <wxs@freebsd.org>
Content-Type: text/plain; charset=UTF-8
X-Gm-Message-State: ALoCoQn70TEwmBewqA170CLSua6D7bZ5u+UxsdOy1MlDNo8KgAOa5b+RtD/ZJKUEpsRZVzd1ZqJB
Cc: Alexey Dokuchaev <danfe@freebsd.org>, Doug Barton <dougb@freebsd.org>,
	Oliver Pinter <oliver.pntr@gmail.com>,
	freebsd security <freebsd-security@freebsd.org>,
	Rainer Hurling <rhurlin@gwdg.de>, freebsd-ports@freebsd.org
Subject: Re: [Full-disclosure] nvidia linux binary driver priv escalation
	exploit
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Aug 2012 14:35:35 -0000

On Wed, Aug 8, 2012 at 1:38 PM, Wesley Shields <wxs@freebsd.org> wrote:
> On Wed, Aug 08, 2012 at 10:34:06AM +0000, Alexey Dokuchaev wrote:
>> On Mon, Aug 06, 2012 at 01:49:50PM +0200, Rainer Hurling wrote:
>> > Am 06.08.2012 10:03 (UTC+1) schrieb Doug Barton:
>> > >On 08/01/2012 05:09, Oliver Pinter wrote:
>> > >>I found this today on FD:
>> > >>
>> > >>http://seclists.org/fulldisclosure/2012/Aug/4
>> > >
>> > >Apparently this affects us as well. Any news?
>> >
>> > Thanks for the info. I had been not aware of it before.
>> >
>> > NVidia has released a driver version 304.32 for FreeBSD i386 and amd64,
>> > which should remedy these security issues.
>>
>> Luckily, they've released version 295.71 which is on Long Lived Branch.  I
>> will update the port shortly.
>
> Thank you!
>
>> VuXML entry will have to follow separately, as it is unclear whether new CVE
>> number will be assigned or not.
>
> You can do the VuXML without a CVE for now and update it when/if one is
> assigned.

Eh, why wouldn't a CVE name not be assigned? If none is we should ask
MITRE to assign one, but it would surprise me if NVIDIA or a Linux
vendor hasn't done this already.

-- 
Simon L. B. Nielsen