About the security issues affecting nvidia-graphics-drivers in Squeeze
Andreas Beckmann
anbe at debian.org
Mon Oct 5 08:49:25 UTC 2015
On 2015-10-05 10:15, Santiago Ruano Rincón wrote:
> the Debian LTS team recently reviewed the security issue(s) affecting your
> package in Squeeze:
> https://security-tracker.debian.org/tracker/CVE-2015-5950
>
> We decided that we would not prepare a squeeze security update (usually
> because the security impact is low and that we concentrate our limited
> resources on higher severity issues and on the most widely used packages).
> That said the squeeze users would most certainly benefit from a fixed
> package.
nvidia-graphics-drivers | 195.36.31-6squeeze2 | squeeze/non-free | source
nvidia-graphics-drivers | 295.59-1~bpo60+2 | squeeze-backports/non-free | source
nvidia-graphics-drivers-legacy-173xx | 173.14.27-2 | squeeze/non-free | source
nvidia-graphics-drivers-legacy-173xx | 173.14.35-1~bpo60+2 | squeeze-backports/non-free | source
nvidia-graphics-drivers-legacy-96xx | 96.43.18-2 | squeeze/non-free | source
Neither of these versions is supported by nvidia any more.
I also don't know whether they are actually affected by this bug ...
I don't plan to touch either squeeze or squeeze-backports.
(Backporting the (soon-to-be) wheezy version may be a bit tricky since
we need to switch back to pre-multiarch and I'm not sure whether the
wheezy package has still full support for such a setup.)
For wheezy/jessie the updates will be routed via proposed-updates.
(The situation will be better for wheezy-lts/jessie-lts, the 304/340 legacy
series are supported by nvidia through the end of 2017/2019.)
Andreas
More information about the pkg-nvidia-devel
mailing list