[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#869836: stretch-pu: package nvidia-graphics-drivers/375.82-1~deb9u1



On Sun, 2017-07-30 at 23:19 +0100, Luca Boccassi wrote:
> Control: tags -1 - moreinfo
> 
> On Sun, 2017-07-30 at 23:04 +0100, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Wed, 2017-07-26 at 22:51 +0100, Luca Boccassi wrote:
> > > The non-free proprietary nvidia-graphics-drivers version 375.66
> > > in
> > > Stretch is affected by CVE-2017-6257 and CVE-2017-6259. Debian
> > > bug:
> > > 
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869783
> > > 
> > > Please consider allowing the new upstream version 375.82, which
> > > fixes
> > > these CVEs, in proposed-updates. As usual with these proprietary
> > > drivers, we cannot just cherry-pick the fixes for the CVEs as
> > > they
> > > are
> > > in the binary blobs.
> > > 
> > > I have tested this new version on a Stretch amd64 desktop and
> > > didn't
> > > encounter any issue.
> > > 
> > > The debdiff from 375.66-2~deb9u1 to 375.82-1 is attached.
> > 
> > While I'm sure it's probably fine, could we have a diff of the
> > proposed
> > 375.82-1~deb9u1, as built and tested on stretch, please?
> > 
> > Regards,
> > 
> > Adam
> 
> Hi Adam,
> 
> There were no changes when I opened the bug apart from the new
> changelog entry.
> 
> Andreas has since committed 2 small fixes to the changelog as well,
> inlined, just minor clarifications. I still find the way upstream
> compiles their changelog quite confusing and often make mistakes when
> copying over :-)
> 
> Kind regards,
> Luca Boccassi

To further clarify, the debdiff I attached originally is the one from
the source I built and tested on Stretch.

Kind regards,
Luca Boccassi

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: