On Wed, 2024-05-08 at 18:22 +0100, Adam D. Barratt wrote: > On Wed, 2024-05-08 at 19:18 +0200, Andreas Beckmann wrote: > > On 05/05/2024 20.52, Adam D Barratt wrote: > > > Package: nvidia-graphics-drivers > > > Version: 470.239.06-1 > > > > > Explanation: upstream security fixes [CVE-2022-42265 CVE-2024- > > > 0074 > > > CVE-2024-0078] > > > > Can we push these packages to bullseye-updates? > > The kernel change that recently caused problems for the nvidia > > modules > > in bookworm has now reached bullseye, too: #1070726, but the new > > upstream already sitting in bullseye-pu is sufficient to fix that. > > Would wording similar to > https://lists.debian.org/debian-stable-announce/2024/02/msg00002.html > be accurate / suitable? (With the 12.5 reference changed to the > relevant DSA number.)
Not sure if you saw the previous mail, but see below for suggested SUA text. Regards, Adam === This update addresses problems in three non-free driver packages supporting nVidia graphics cards. The Linux kernel released in DSA 5681-1 changed an inlined function to call two GPL-only symbols, making that function inaccessible to non-free kernel modules. As a result, the nVidia kernel modules cannot be built via DKMS at installation time for the updated kernel. The following packages have been updated to correct the problem: Source package Fixed version ============== ============= nvidia-graphics-drivers 470.239.06-1 nvidia-graphics-drivers-tesla-470 470.239.06-1~deb11u1 nvidia-settings 470.239.06-1 If you use the affected packages, we recommend you upgrade to these versions. ===