Hi,
On 11/05/2023 17:22, Tobias Frost wrote:
nvidia-graphics-drivers-legacy-390xx is now uploaded, (tested with some old
GTX770…)
A procedural question:
For the remaining CVE's (and those of nvidia-graphics-drivers), do I mark them
"end-of-life" (e.g by saying in CVE/list:
[buster] - nvidia-graphics-drivers <end-of-life> (EOL in buster LTS)
or just ignore them?
I think <end-of-life> would work if it's documented in
debian-security-support. Otherwise we can just continue to mark them
<ignored>, which is also what the security team does, e.g.:
CVE-2022-42259 ...
- nvidia-graphics-drivers-legacy-340xx <unfixed>
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not
supported, no updates provided by Nvidia anymore)
Cheers!
Sylvain
