From owner-freebsd-ports@FreeBSD.ORG  Wed Aug  8 12:38:46 2012
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id C5A7E106564A;
	Wed,  8 Aug 2012 12:38:46 +0000 (UTC)
	(envelope-from wxs@atarininja.org)
Received: from syn.atarininja.org (syn.csh.rit.edu [129.21.49.45])
	by mx1.freebsd.org (Postfix) with ESMTP id 961718FC0C;
	Wed,  8 Aug 2012 12:38:44 +0000 (UTC)
Received: by syn.atarininja.org (Postfix, from userid 1001)
	id C8A035C34; Wed,  8 Aug 2012 08:38:43 -0400 (EDT)
Date: Wed, 8 Aug 2012 08:38:43 -0400
From: Wesley Shields <wxs@FreeBSD.org>
To: Alexey Dokuchaev <danfe@FreeBSD.org>
Message-ID: <20120808123843.GA31238@atarininja.org>
References: <CAPjTQNHv9CiLYu-r3OHHZfF1HhHYL7yuiefjOD8BqZm8hi3o=Q@mail.gmail.com>
	<501F7A35.5080207@FreeBSD.org> <501FAF5E.6090101@gwdg.de>
	<20120808103406.GA56960@FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20120808103406.GA56960@FreeBSD.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: Doug Barton <dougb@FreeBSD.org>,
	freebsd security <freebsd-security@freebsd.org>,
	Rainer Hurling <rhurlin@gwdg.de>, freebsd-ports@FreeBSD.org,
	Oliver Pinter <oliver.pntr@gmail.com>
Subject: Re: [Full-disclosure] nvidia linux binary driver priv escalation
 exploit
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Aug 2012 12:38:46 -0000

On Wed, Aug 08, 2012 at 10:34:06AM +0000, Alexey Dokuchaev wrote:
> On Mon, Aug 06, 2012 at 01:49:50PM +0200, Rainer Hurling wrote:
> > Am 06.08.2012 10:03 (UTC+1) schrieb Doug Barton:
> > >On 08/01/2012 05:09, Oliver Pinter wrote:
> > >>I found this today on FD:
> > >>
> > >>http://seclists.org/fulldisclosure/2012/Aug/4
> > >
> > >Apparently this affects us as well. Any news?
> > 
> > Thanks for the info. I had been not aware of it before.
> > 
> > NVidia has released a driver version 304.32 for FreeBSD i386 and amd64, 
> > which should remedy these security issues.
> 
> Luckily, they've released version 295.71 which is on Long Lived Branch.  I
> will update the port shortly.

Thank you!

> VuXML entry will have to follow separately, as it is unclear whether new CVE
> number will be assigned or not.

You can do the VuXML without a CVE for now and update it when/if one is
assigned.

-- WXS