n-g-d 196.36.31 security update?
Russ Allbery
rra at debian.org
Fri Apr 13 21:01:01 UTC 2012
Andreas Beckmann <debian at abeckmann.de> writes:
> do we want to fix CVE-2012-0946 in stable?
Ideally, yes -- this is one of those things that was stuck on my to-do
list.
> I prepared a package with upstream's patch applied in
> branches/195.36.31-squeeze:
> Add upstream patch nvidia-blacklist-register-mapping-195.diff:
> Closed a security vulnerability which made it possible for attackers to
> reconfigure GPUs to gain access to arbitrary system memory. For further
> details, see: http://nvidia.custhelp.com/app/answers/detail/a_id/3109
> What would be the correct way: stable-proposed-updates or
> stable-security?
I believe stable-proposed-updates, because we don't have official security
support for non-free. Could you file a bug (via reportbug) against
release.debian.org with a copy of the patch to get approval for upload? I
can also do this if you'd rather, but it will be a few days before I'll
get a chance.
> Once this is fixed, the precompiled modules need to be updated, too.
Right, thanks for the reminder.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>