Hi,
>Hello,
>
>we have virtualbox-ose in dla-needed.txt for a while already. Upstream
>support by Oracle ended in June 2015 and I doubt that we will ever have
>fixes for the latest issues that have been reported against it...
>
>I would thus suggest that we send out a DLA announcing that it's no longer
>supported in squeeze and that we update debian-security-support. What do
>you think?
>
>Gianfranco, do you agree or is there any chance of another 3.2.x release
>from upstream?

I think 3.2.x is EOL.

Actually we can fix something, e.g. CVE-2015-7183, but it has no DSA, and I don't think fixing spurious CVEs just because some patches apply works in general.

I think with 3.2.28 we have performed our last upload.

cheers,

G.
