On Sun, 2017-07-30 at 23:19 +0100, Luca Boccassi wrote:
> Control: tags -1 - moreinfo
>
> On Sun, 2017-07-30 at 23:04 +0100, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> >
> > On Wed, 2017-07-26 at 22:51 +0100, Luca Boccassi wrote:
> > > The non-free proprietary nvidia-graphics-drivers version 375.66 in
> > > Stretch is affected by CVE-2017-6257 and CVE-2017-6259. Debian bug:
> > >
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869783
> > >
> > > Please consider allowing the new upstream version 375.82, which fixes
> > > these CVEs, in proposed-updates. As usual with these proprietary
> > > drivers, we cannot just cherry-pick the fixes for the CVEs as they are
> > > in the binary blobs.
> > >
> > > I have tested this new version on a Stretch amd64 desktop and didn't
> > > encounter any issue.
> > >
> > > The debdiff from 375.66-2~deb9u1 to 375.82-1 is attached.
> >
> > While I'm sure it's probably fine, could we have a diff of the proposed
> > 375.82-1~deb9u1, as built and tested on stretch, please?
> >
> > Regards,
> >
> > Adam
>
> Hi Adam,
>
> There were no changes when I opened the bug apart from the new
> changelog entry.
>
> Andreas has since committed 2 small fixes to the changelog as well,
> inlined, just minor clarifications. I still find the way upstream
> compiles their changelog quite confusing and often make mistakes when
> copying over :-)
>
> Kind regards,
> Luca Boccassi

To further clarify, the debdiff I attached originally is the one from
the source I built and tested on Stretch.

Kind regards,
Luca Boccassi