[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About the security issues affecting nvidia-graphics-drivers in Squeeze

On 2015-10-05 10:15, Santiago Ruano Rincón wrote:
> the Debian LTS team recently reviewed the security issue(s) affecting your
> package in Squeeze:
> https://security-tracker.debian.org/tracker/CVE-2015-5950
> We decided that we would not prepare a squeeze security update (usually
> because the security impact is low and that we concentrate our limited
> resources on higher severity issues and on the most widely used packages).
> That said the squeeze users would most certainly benefit from a fixed
> package.

 nvidia-graphics-drivers              | 195.36.31-6squeeze2 | squeeze/non-free           | source
 nvidia-graphics-drivers              | 295.59-1~bpo60+2    | squeeze-backports/non-free | source
 nvidia-graphics-drivers-legacy-173xx | 173.14.27-2         | squeeze/non-free           | source
 nvidia-graphics-drivers-legacy-173xx | 173.14.35-1~bpo60+2 | squeeze-backports/non-free | source
 nvidia-graphics-drivers-legacy-96xx  | 96.43.18-2          | squeeze/non-free           | source

Neither of these versions is supported by nvidia any more.
I also don't know whether they are actually affected by this bug ...

I don't plan to touch either squeeze or squeeze-backports.
(Backporting the (soon-to-be) wheezy version may be a bit tricky since
we need to switch back to pre-multiarch and I'm not sure whether the
wheezy package has still full support for such a setup.)

For wheezy/jessie the updates will be routed via proposed-updates.

(The situation will be better for wheezy-lts/jessie-lts, the 304/340 legacy
series are supported by nvidia through the end of 2017/2019.)


Reply to: