On 2016-01-15 17:58, Adam D. Barratt wrote: > On Mon, 2015-11-02 at 03:07 +0100, Andreas Beckmann wrote: >> The only option to fix CVE-2015-7723, CVE-2015-7724 (#803517) in >> fglrx-driver is to update to a new upstream release of the blob. >> >> I have prepared a backport of the current sid version to jessie and only >> reverted the changes that are problematic for jessie (removal of the >> libxvbaw-dev package and related changes). > > Apologies for the delay in getting back to you on this. > > Please go ahead
Uploaded 1:15.9-4~deb8u1 In the meantime 1:15.9-3 got uploaded to sid followed by 1:15.9-4, so I rebuilt that for jessie to get a few more typo fixes and lintian overrides into the package. The "big" changes from -3 and -4 that were made after I filed the pu request (and therefore were not yet in the diff I sent) have been reverted for jessie: while the patches managed to get the kernel module built for Linux 4.3/4.4 (which is irrelevant for jessie anyway), the module would just oops with a null pointer dereference in the blob on 4.3. So better restrict support to <= 4.2 which is known to work. The "* Reinstate breaks between fglrx-driver and libgl1-fglrx-glx." actually reverts a change, going back to what we have in jessie currently. Attached is the incremental source diff for the additional changes not in the previous pu-request diff. Attached is also a filtered diff (excluding *.patch and *.po) from 1:14.9+ga14.201-2 to 1:15.9-4~deb8u1, generated from svn. Please note that when checking the full diff from jessie, there will be a lot of noise due to renaming/renumbering of the patches (and of course the blobs itself). Andreas
15.9-4~deb8u1.incremental.diff
Description: application/pgp-keys
1:15.9-4~deb8u1.filtered.diff
Description: application/pgp-keys
