As said on irc:
1) I don't want to ship the package in Buster if the security team can't handle
security updates
2) I don't want security team to handle them, I'll in case provide them the
stuff that can be sponsored (as we did in the past).
In case the new micro releases are not ship anymore
Hi,
On 13/03/19 at 22:18 +0100, Ivo De Decker wrote:
> Control: severity -1 serious
>
> Hi,
>
> On Mon, Aug 28, 2017 at 03:01:18PM +0200, Lucas Nussbaum wrote:
> > After a private discussion with Gianfranco, I'm retitling this bug and
> > downgrading its severity. (Gianfranco agrees, at least
Processing control commands:
> severity -1 serious
Bug #794466 [src:virtualbox] virtualbox: might not be suitable for stable
releases due to lack of cooperation from upstream on security support for older
releases
Severity set to 'serious' from 'important'
--
794466:
Control: retitle -1 virtualbox: might not be suitable for stable releases due
to lack of cooperation from upstream on security support for older releases
Control: severity -1 important
Hi,
After a private discussion with Gianfranco, I'm retitling this bug and
downgrading its severity.
Processing control commands:
> retitle -1 virtualbox: might not be suitable for stable releases due to lack
> of cooperation from upstream on security support for older releases
Bug #794466 [src:virtualbox] Virtualbox might not be suitable for Stretch
Changed Bug title to 'virtualbox: might not
On Mon, 2016-12-12 at 21:59 -0800, Gordon Farquharson wrote:
> 3. Do you recommend migrating existing VirtualBox images to KVM?
On Tue, 13 Dec 2016 14:25:32 +0530, Ritesh Raj Sarraf wrote:
> Migration should be doable. I'm not sure if there are any issues in
> migration, but you may give it a
Hi Moritz,
>
>We'll have a security team meeting at DebConf and will discuss
>virtualbox as well.
following up on the DebConf discussion,
I did update vbox for wheezy and jessie, on
the respective braches on git (names with the codenames)
targeted -security.
On Mon, Aug 10, 2015 at 07:16:59AM +, Gianfranco Costamagna wrote:
Yes, otherwise the points remains:
1) leave the oracle with CVEs in stable releases
or
2) have an exception from Security Team and/or Release Team
or
3) wait and hope Oracle will change the model or make an
On Mon, 2015-08-10 at 07:16 +, Gianfranco Costamagna wrote:
But if the security team can agree up with this release model, then
the
VBox team could just keep it up-to-date.
Yes, otherwise the points remains:
1) leave the oracle with CVEs in stable releases
or
2) have an
On Mon, 2015-08-10 at 07:40 +0200, Markus Frosch wrote:
I'm not sure how they handle vulnerabilities. But their release
strategy is: ESR and Regular releases. Every security fix goes into
the
next Regular release, and also the ESR release.
ESR is supported until the next ESR (31 =
Hi,
Debian Security Team:
These are what we have currently in Debian:
oldstable: 4.1.18
stable: 4.3.18
testing: 4.3.30
I would add (as Ben requested)
old-old-stable 3.2.10 -- 3.2.28
(this will fix AFAICS all the CVEs on o-o-stable, but not the latest one)
On Sat, 2015-08-08 at 20:11 +0200, Markus Frosch wrote:
Hi Gianfranco,
thanks for your summary.
Although I'm not involved in maintaining virtualbox, still a few
thoughts:
* What would that mean for Jessie updates?
* Isn't that basically the same problem we have with MySQL,
or even
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 09.08.2015 12:51, Ritesh Raj Sarraf wrote:
Not sure about MySQL, but for Iceweasel, is it really like that ?
From what I've known, there were trademark issues which led to the rebranding.
Sorry for being unclear, I meant the usage of
On Mon, 3 Aug 2015 10:47:23 + (UTC) Gianfranco Costamagna
costamagnagianfra...@yahoo.it wrote:
Source: virtualbox
Version: 4.3.30-dfsg-1
Severity: critical
Hi Gianfranco,
thanks for your summary.
Although I'm not involved in maintaining virtualbox, still a few
thoughts:
* What would
Hi Debian Release Team,
TLTR:
Virtualbox suffers of many security issues in Debian,
specially because Upstream (Oracle) refuses to give
patches for CVEs, and (you can see in the Debian bug
794466 an analysis of the Oracle policy and discussion)
this makes difficult to handle security uploads
Hi Frank and Release Team,
Oracle at this moment maintains a 4.0.x 4.1.x 4.2.x 4.3.x 5.0.x
branches where security fixes seems to be addressed all.
(virtualbox-ose from o-o-s still needs some pinpoint fixes)
virtualbox-ose is at version 3.2.10, and the last release from [1]
is 3.2.28, and
On Sat, Aug 08, 2015 at 09:23:31PM +, Gianfranco Costamagna wrote:
Virtualbox suffers of many security issues in Debian,
specially because Upstream (Oracle) refuses to give
patches for CVEs, and (you can see in the Debian bug
794466 an analysis of the Oracle policy and discussion)
this
Hi Debian Security Team,
(Dear Jonathan, thanks for the heads-up, I tried to avoid cross-posting,
and I thought release was a better place then security, so dropping
-release from the mail cc, let me know if I have to readd it)
I would like to ask you whether is possible to have an exception
Source: virtualbox
Version: 4.3.30-dfsg-1
Severity: critical
X-Debbugs-CC: j...@inutil.org
X-Debbugs-CC: r...@debian.org
X-Debbugs-CC: frank.mehn...@oracle.com
X-Debbugs-CC: klaus.espenl...@oracle.com
(please cc people if needed
As Said in many different threads [1 bottom of the mail], Upstream
19 matches
Mail list logo