[Pkg-virtualbox-devel] Bug#794466: Virtualbox might not be suitable for Stretch

Jonathan Wiltshire jmw at debian.org
Sat Aug 8 21:42:19 UTC 2015


On Sat, Aug 08, 2015 at 09:23:31PM +0000, Gianfranco Costamagna wrote:
> Virtualbox suffers from many security issues in Debian,
> especially because Upstream (Oracle) refuses to give
> patches for CVEs, and (you can see in the Debian bug
> 794466 an analysis of the Oracle policy and discussion)
> this makes it difficult to handle security uploads in stable
> releases.
> 
> 
> The only patch they give for a CVE is "upgrade to the
> next version of the stable branch", and extracting patches
> from the code is not trivial, especially for such a huge package.

You should bring this up with the security team and see whether they are
satisfied that previous upstream releases have been of sufficient quality
for this to be feasible in the future.


-- 
Jonathan Wiltshire                                      jmw at debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
