Hi,

On 11/05/2023 17:22, Tobias Frost wrote:
nvidia-graphics-drivers-legacy-390xx is now uploaded, (tested with some old 
GTX770…)

A procedural question:
For the remaining CVE's (and those of nvidia-graphics-drivers), do I mark them
"end-of-life" (e.g by saying in CVE/list:
        [buster] - nvidia-graphics-drivers <end-of-life> (EOL in buster LTS)
or just ignore them?

I think <end-of-life> would work if it's documented in debian-security-support. Otherwise we can just continue to mark them <ignored>, which is also what the security team does, e.g.:

CVE-2022-42259 ...
        - nvidia-graphics-drivers-legacy-340xx <unfixed>
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)

Cheers!
Sylvain

Reply via email to