[Pkg-virtualbox-devel] I: [Fwd: please update virtualbox-guest-additions-iso in debian jessie]
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 15 18:24:55 UTC 2016
Hi Gianfranco,
On Fri, Jul 15, 2016 at 04:10:38PM +0000, Gianfranco Costamagna wrote:
> Hi Security Team, a while ago we got virtualbox updated from 4.3.18
> to 4.3.36 as security > upload.
>
> This was a complete success, but now we have two "issues" 1) there
> is a mismatch between virtualbox and virtualbox-guest-additions-iso
> packages (this isn't a big issue, since it is just a warning)
>
>
> 2) the guest-additions-iso package is an iso file that contains some
> source code (from virtualbox) and builds kernel modules and some
> tools used in the guest machines.
>
> I don't know, but it might be affected by some/many of the same CVEs
> that we fixed in virtualbox, so I think it is a sane idea to have a
> security upload also for this package.
>
> What is your opinion? I can upload a 4.3.36 in a few minutes if
> needed, it is just a matter of packing an iso and creating a
> changelog entry.
The package beeing non-free in all supported suites is not really
supported via security.d.o. Could you contact the stable release
managers to have an update sheduled via a point release?
Cf.
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable
Regards,
Salvatore
More information about the Pkg-virtualbox-devel
mailing list