Bug#1056715: bullseye-pu: package nvidia-graphics-drivers-tesla-470/470.223.02-1~deb11u1
Control: tags -1 + confirmed On Sat, 2023-11-25 at 11:11 +0100, Andreas Beckmann wrote: > Control: usertags -2 pu > Control: tags -2 = bookworm > Control: retitle -2 bookworm-pu: package nvidia-graphics-drivers- > tesla-470/470.223.02-1~deb12u1 > > [ Reason ] > In oder to fix CVE-2023-31022 we need to upgrade > nvidia-graphics-drivers-tesla-470 to a new upstream release. Please go ahead (x2). Regards, Adam
Bug#1056715: bullseye-pu: package nvidia-graphics-drivers-tesla-470/470.223.02-1~deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu Control: clone -1 -2 Control: usertags -2 pu Control: tags -2 = bookworm Control: retitle -2 bookworm-pu: package nvidia-graphics-drivers-tesla-470/470.223.02-1~deb12u1 [ Reason ] In oder to fix CVE-2023-31022 we need to upgrade nvidia-graphics-drivers-tesla-470 to a new upstream release. [ Impact ] A proprietary graphics driver with more CVEs open. [ Tests ] Only module building has been tested. Anything else would require certain hardware and driver usage. [ Risks ] Low. Upgrading to a new nvidia driver release in (old-)stable is an established procedure. [ Checklist ] [*] *all* changes are documented in the d/changelog [*] I reviewed all changes and I approve them (excluding the blobs) [*] attach debdiff against the package in (old)stable (excluding the blobs) [*] the issue is verified as fixed in unstable [ Changes ] There is a new patch added which is only relevant for using this driver with a backported Linux 6.2+ on a recent Intel CPU. As the blob parts are not built with Indirect Branch Tracking (IBT) support, the module cannot be used on a CPU+kernel combination that enables IBT by default unless it is booted with ibt=off. There are only minor additional packaging changes. debian/README.source| 9 +- debian/changelog| 165 debian/control | 2 +- debian/control.in | 2 +- debian/control.md5sum | 8 +- debian/copyright| 3 +- .../module/debian/patches/0010-backport-pci-dma-changes-for-ppc64el.patch | 68 --- .../patches/0033-refuse-to-load-legacy-module-if-IBT-is-enabled.patch | 63 ++ debian/module/debian/patches/bashisms.patch | 2 +- debian/module/debian/patches/cc_version_check-gcc5.patch| 2 +- debian/module/debian/patches/conftest-verbose.patch | 6 +- debian/module/debian/patches/linux-2.6.34-dev_pm_info-runtime_auto.patch| 2 +- debian/module/debian/patches/series.in | 2 +- debian/nvidia-options.conf.in | 12 ++- debian/rules| 7 +- debian/rules.defs | 4 +- debian/tests/control| 8 +- debian/tests/control.in | 8 +- 18 files changed, 256 insertions(+), 117 deletions(-) [ Other info ] This is a rebuild of the package from sid with no further changes. The bullseye upload will get an additional "rebuild for bullseye" changelog entry. Andreas ngd-470-470.223.02-1~deb12u1.diff.xz Description: application/xz
