Re: About virtualbox-ose in squeeze
Hi,
>Hello,
>
>we have virtualbox-ose in dla-needed.txt for a while already. Upstream
>support by Oracle ended in June 2015 and I doubt that we will ever have
>fixes for the latest issues that have been reported against it...
>
>I would thus suggest that we send out a DLA announcing that it's no longer
>supported in squeeze and that we update debian-security-support. What do
>you think?
>
>Gianfranco, do you agree or is there any chance of another 3.2.x release
>from upstream?
I think 3.2.x is EOL.
actually we can fix something, e.g. CVE-2015-7183, but it has no DSA, and I
don't think fixing spurious CVEs just because some patches applies works in general.
I think with 3.2.28 we have performed our last upload.
cheers,
G.
Reply to: