updating non-free nvidia-graphics-drivers in stretch for CVE-2021-1056
I'd like to update src:nvidia-graphics-drivers in stretch from 390.138-1
to 390.141-1 which fixes CVE-2021-1056 (#979670).
For stable, the non-free nvidia drivers are usually updated to new
upstream releases fixing CVEs via stable-pu in point releases without
What needs to be done to get the package updated in stretch?
The 390.141 driver version is currently available in
src:nvidia-graphics-drivers-legacy-390xx and has been requested for
buster-pu (as src:nvidia-graphics-drivers-legacy-390xx) in #980201. So
far we haven't heard about any issues with this driver, but there are
still some people that use it for legacy hardware. (AFAIK, the Debian
NVIDIA Maintainers don't have any legacy devices where we could test
functionality of this driver.) As usual, these new upstream releases for
stable are accompanied by some packaging improvements to keep the
different drivers in sync (there are currently 7 driver series in sid, 1
in NEW and bullseye is supposed to ship with 4 or 5 of them.)