On Wed, 2024-05-08 at 18:22 +0100, Adam D. Barratt wrote:
> On Wed, 2024-05-08 at 19:18 +0200, Andreas Beckmann wrote:
> > On 05/05/2024 20.52, Adam D Barratt wrote:
> > > Package: nvidia-graphics-drivers
> > > Version: 470.239.06-1
> >
> > > Explanation: upstream security fixes [CVE-2022-42265 CVE-2024-
> > > 0074
> > > CVE-2024-0078]
> >
> > Can we push these packages to bullseye-updates?
> > The kernel change that recently caused problems for the nvidia
> > modules
> > in bookworm has now reached bullseye, too: #1070726, but the new
> > upstream already sitting in bullseye-pu is sufficient to fix that.
>
> Would wording similar to
> https://lists.debian.org/debian-stable-announce/2024/02/msg00002.html
> be accurate / suitable? (With the 12.5 reference changed to the
> relevant DSA number.)
Not sure if you saw the previous mail, but see below for suggested SUA
text.
Regards,
Adam
===
This update addresses problems in three non-free driver packages supporting
nVidia graphics cards.
The Linux kernel released in DSA 5681-1 changed an inlined function to
call two GPL-only symbols, making that function inaccessible to non-free
kernel modules.
As a result, the nVidia kernel modules cannot be built via DKMS at
installation time for the updated kernel.
The following packages have been updated to correct the problem:
Source package Fixed version
============== =============
nvidia-graphics-drivers 470.239.06-1
nvidia-graphics-drivers-tesla-470 470.239.06-1~deb11u1
nvidia-settings 470.239.06-1
If you use the affected packages, we recommend you upgrade to these
versions.
===
