Re: Bug#794466: Virtualbox might not be suitable for Stretch

2015-08-31 Thread Gianfranco Costamagna
Hi Moritz, > >We'll have a security team meeting at DebConf and will discuss >virtualbox as well. following up on the DebConf discussion, I did update vbox for wheezy and jessie, on the respective branches on git (names with the codenames) targeted -security. http://anonscm.debian.org/cgit/pkg-v

Re: Bug#794466: Virtualbox might not be suitable for Stretch

2015-08-15 Thread Moritz Mühlenhoff
On Mon, Aug 10, 2015 at 07:16:59AM +, Gianfranco Costamagna wrote: > Yes, otherwise the points remain: > > 1) leave the oracle with CVEs in stable releases > > or > > 2) have an exception from Security Team and/or Release Team > > or > > 3) wait and hope Oracle will change the model or ma

Re: Bug#794466: Virtualbox might not be suitable for Stretch

2015-08-10 Thread Ritesh Raj Sarraf
On Mon, 2015-08-10 at 07:16 +, Gianfranco Costamagna wrote: > >But if the security team can agree up with this release model, then > the > >VBox team could just keep it up-to-date. > > > > Yes, otherwise the points remain: > > 1) leave the oracle with CVEs in stable releases > > or >

Re: Bug#794466: Virtualbox might not be suitable for Stretch

2015-08-10 Thread Gianfranco Costamagna
Hi, >Debian Security Team: >These are what we have currently in Debian: > >oldstable: 4.1.18 >stable: 4.3.18 >testing: 4.3.30 I would add (as Ben requested) old-old-stable 3.2.10 --> 3.2.28 (this will fix AFAICS all the CVEs on o-o-stable, but not the latest one) https://www.virtualbox.org

Re: Bug#794466: Virtualbox might not be suitable for Stretch

2015-08-09 Thread Ritesh Raj Sarraf
On Mon, 2015-08-10 at 07:40 +0200, Markus Frosch wrote: > > I'm not sure how they handle vulnerabilities. But their release > strategy is: ESR and Regular releases. Every security fix goes into > the > > next Regular release, and also the ESR release. > > > > ESR is supported until the next ESR

Re: Bug#794466: Virtualbox might not be suitable for Stretch

2015-08-08 Thread Gianfranco Costamagna
Hi Debian Security Team, (Dear Jonathan, thanks for the heads-up, I tried to avoid cross-posting, and I thought release was a better place than security, so dropping -release from the mail cc, let me know if I have to re-add it) I would like to ask you whether it is possible to have an exception fo