Hi, I'd like to update src:nvidia-graphics-drivers in stretch from 390.138-1 to 390.141-1 which fixes CVE-2021-1056 (#979670).
For stable, the non-free nvidia drivers are usually updated to new upstream releases fixing CVEs via stable-pu in point releases without issuing DSA. What needs to be done to get the package updated in stretch? The 390.141 driver version is currently available in sid/bullseye/buster-backports as src:nvidia-graphics-drivers-legacy-390xx and has been requested for buster-pu (as src:nvidia-graphics-drivers-legacy-390xx) in #980201. So far we haven't heard about any issues with this driver, but there are still some people that use it for legacy hardware. (AFAIK, the Debian NVIDIA Maintainers don't have any legacy devices where we could test functionality of this driver.) As usual, these new upstream releases for stable are accompanied by some packaging improvements to keep the different drivers in sync (there are currently 7 driver series in sid, 1 in NEW and bullseye is supposed to ship with 4 or 5 of them.) Andreas
