Bug#886852: NVidia driver : upgrade to version 384.111
Luca Boccassi
bluca at debian.org
Thu Jan 11 11:19:43 UTC 2018
On Wed, 2018-01-10 at 23:58 +0100, Andreas Beckmann wrote:
> On 2018-01-10 15:25, Luca Boccassi wrote:
> > I'm a little confused as what their blobs could possible have to do
> > with spectre/meltdown to be honest
>
> meltdown does not seem to be an issue, but for spectre it is not
> neccessarily the GPU bits being fixed, but the CPU side of the driver
> -
> which can run untrusted user supplied code (e.g. compiling shaders)
> ...
> that could be comparable to the sandboxed javascript in the browser
> accessing all the browser memory.
Ah I see, makes sense.
> > - but in general it sounds like a
> > good idea to move 384 to stable-p-u, since it's won't be the last
> > CVE
> > we get and as you said 375 is dead and buried.
> >
> > Andreas, what do you think?
>
> Just uploaded to stretch-backports, will need to go through
> backports-new.
> Untested on my side - please try it out :-)
>
>
> Andreas
Thanks, will try it out later tonight and report back - I already had
manually built a locally merged version and it seemed to work fine so I
don't expect issues.
--
Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-nvidia-devel/attachments/20180111/36588e86/attachment.sig>
More information about the pkg-nvidia-devel
mailing list