updating non-free nvidia-graphics-drivers in stretch for CVE-2021-1056

To: debian-lts@lists.debian.org
Cc: Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>
Subject: updating non-free nvidia-graphics-drivers in stretch for CVE-2021-1056
From: Andreas Beckmann <anbe@debian.org>
Date: Fri, 22 Jan 2021 20:47:01 +0100
Message-id: <[🔎] 04fd72e7-5d2c-d137-0943-444e055796f2@debian.org>

Hi,

I'd like to update src:nvidia-graphics-drivers in stretch from 390.138-1
to 390.141-1 which fixes CVE-2021-1056 (#979670).

For stable, the non-free nvidia drivers are usually updated to new
upstream releases fixing CVEs via stable-pu in point releases without
issuing DSA.
What needs to be done to get the package updated in stretch?

The 390.141 driver version is currently available in
sid/bullseye/buster-backports as
src:nvidia-graphics-drivers-legacy-390xx and has been requested for
buster-pu (as src:nvidia-graphics-drivers-legacy-390xx) in #980201. So
far we haven't heard about any issues with this driver, but there are
still some people that use it for legacy hardware. (AFAIK, the Debian
NVIDIA Maintainers don't have any legacy devices where we could test
functionality of this driver.) As usual, these new upstream releases for
stable are accompanied by some packaging improvements to keep the
different drivers in sync (there are currently 7 driver series in sid, 1
in NEW and bullseye is supposed to ship with 4 or 5 of them.)


Andreas

Reply to:

Follow-Ups:
- Re: updating non-free nvidia-graphics-drivers in stretch for CVE-2021-1056
  - From: Ola Lundqvist <ola@inguza.com>

Prev by Date: Re: Dropping support for 'reel'
Next by Date: Re: updating non-free nvidia-graphics-drivers in stretch for CVE-2021-1056
Previous by thread: Re: Dropping support for 'reel'
Next by thread: Re: updating non-free nvidia-graphics-drivers in stretch for CVE-2021-1056
Index(es):
- Date
- Thread