Hi,

i wrote:
> > Well, "stable" means old software with old bugs. Those who want the new
> > bugs, which are introduced by fixing the old ones, have to run something
> > else.

Alexander V. Makartsev wrote:
> Then why "nvidia-driver" in Stable was switched from previous "460.91.03-1"
> version to "470.129.06-6~deb11u1"?

  
https://tracker.debian.org/news/1345038/accepted-nvidia-graphics-drivers-47012906-6deb11u1bpo101-source-amd64-into-buster-backports-backports-policy-buster-backports/
closes 24 bugs and fixes 6 CVEs.

Obviously this was not a cautious detail fix by a concise patch but
rather a switch to a new upstream release. Already the first CVE in the
list shows that the old situation was quite desperate.

  https://security-tracker.debian.org/tracker/CVE-2022-28181
  "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability
   in the kernel mode layer, where an unprivileged regular user on the
   network can cause an out-of-bounds write through a specially crafted
   shader, which may lead to code execution, denial of service, escalation
   of privileges, information disclosure, and data tampering."

(Actually, given the CVEs and extrapolating the number of undetected similar
vulnerabilities, i would have scruples to employ such a software. But i have
no need for high GPU performance.)


> Should I file a new bug?

I would do. Maybe the problem gets then fixed with the next emergency
upload. But of course it would have to be somewhat reproducible.


> If so, what is the best way to do it, if the last freeze happened 4 days
> ago, according to timestamps in syslog, and now I plan to downgrade the
> driver to be able to use full capabilities of my PC?

I guess you will have to wait with the downgrade several days after you
filed the bug. So the maintainers at least have a theoretical chance to
propose experiments or workarounds.


Have a nice day :)

Thomas
