tags 668780 + squeeze confirmed thanks On Sat, 2012-04-14 at 12:57 +0200, Andreas Beckmann wrote: > * Security fix (backported from 195.36.31-7). (Closes: #609338) > Apply upstream patch NVIDIA_kernel-260.19.34-778465.diff to fix > information leak in the kernel module: kernel memory was returned > uninitialized to user space. > > * CVE-2012-0946 (backported from 295.40-1): > Add upstream patch nvidia-blacklist-register-mapping-195.diff: > Closed a security vulnerability which made it possible for attackers to > reconfigure GPUs to gain access to arbitrary system memory. For further > details, see: http://nvidia.custhelp.com/app/answers/detail/a_id/3109 > > * Let the bug-script collect detailed information about OpenGL and NVIDIA > libraries and their symlinks, diversions and alternatives currently found > on the system. Also list files remaining from using the nvidia-installer. > Report status of more related packages.
Thanks for working on fixing this in stable. fwiw, "-6+squeeze1" is more conventional, although it's unlikely to make a difference in this case. Please feel free to go ahead with the upload. Are the n-g-d-legacy-* packages likely to be affected by these issues as well? > As a followup to this update the nvidia-graphics-modules package > (prebuilt binary kernel modules) needs to be updated, too. Okay. Please could you open a second bug for that? Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
