updating non-free nvidia-graphics-drivers in stretch for CVE-2021-1056
Andreas Beckmann
anbe at debian.org
Fri Jan 22 19:47:01 GMT 2021
Hi,
I'd like to update src:nvidia-graphics-drivers in stretch from 390.138-1
to 390.141-1 which fixes CVE-2021-1056 (#979670).
For stable, the non-free nvidia drivers are usually updated to new
upstream releases fixing CVEs via stable-pu in point releases without
issuing DSA.
What needs to be done to get the package updated in stretch?
The 390.141 driver version is currently available in
sid/bullseye/buster-backports as
src:nvidia-graphics-drivers-legacy-390xx and has been requested for
buster-pu (as src:nvidia-graphics-drivers-legacy-390xx) in #980201. So
far we haven't heard about any issues with this driver, but there are
still some people that use it for legacy hardware. (AFAIK, the Debian
NVIDIA Maintainers don't have any legacy devices where we could test
functionality of this driver.) As usual, these new upstream releases for
stable are accompanied by some packaging improvements to keep the
different drivers in sync (there are currently 7 driver series in sid, 1
in NEW and bullseye is supposed to ship with 4 or 5 of them.)
Andreas
More information about the pkg-nvidia-devel
mailing list