Hi Paul,
> > Please don't, upstream already has a patch in SVN¹, but didn't mark the
> > bug (I just did).
>
> Please find attached the debdiff that I could come up with from my work
> on sid, jessie and wheezy. It isn't tested yet (I don't have a suitable
> setup for that) so I appreciate it if
El 13/12/15 a las 21:06, Luciano Bello escribió:
> On Saturday 12 December 2015 21.44.28 Santiago Ruano Rincón wrote:
>
> > I've uploaded grub2 to fix this CVE for squeeze today. And attached you
>
> > can find debdiffs for wheezy and jessie. I've already tested the jessie
>
> > package, but not
Hello,
we have virtualbox-ose in dla-needed.txt for a while already. Upstream
support by Oracle ended in June 2015 and I doubt that we will ever have
fixes for the latest issues that have been reported against it...
I would thus suggest that we send out a DLA announcing that it's no longer
suppor
Hi,
>Hello,
>
>we have virtualbox-ose in dla-needed.txt for a while already. Upstream
>support by Oracle ended in June 2015 and I doubt that we will ever have
>fixes for the latest issues that have been reported against it...
>
>I would thus suggest that we send out a DLA announcing that it's n
Hi,
It appears that I don't have enough time to work and test on
squeeze-lts to take that responsibility, sorry.
Regards,
Aron
On Mon, Nov 16, 2015 at 5:55 AM, Santiago Ruano Rincón
wrote:
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> curr
On Monday 14 December 2015 14.15.23 Santiago Ruano Rincón wrote:
> Luciano, I may upload them, unless you disagree or you want to do it by
> yourself.
Please go ahead!
Thanks for your patch :)
/luciano
On Wed, Nov 25, 2015 at 11:58:19AM +0100, Florian Weimer wrote:
> * Guido Günther:
>
> > On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote:
> >> * Mike Hommey:
> >> > The biggest issue with NSS version bumps is that defaults change,
> >> > such as cyphers, protocols, etc. That can hav
* Moritz Muehlenhoff:
(NSS backwards compatibility)
>> Yes, for mere backporting of new versions, this can be helpful.
>
> OTOH, new Iceweasel ESR releases also deprecate insecure crypto features,
> so doing the same in nss seems somewhat acceptable to me.
NSS is far more radical than that: Upst
Hi Chris,
On 14-12-15 11:32, Chris Lamb wrote:
>>> Please don't, upstream already has a patch in SVN¹, but didn't mark the
>>> bug (I just did).
>>
>> Please find attached the debdiff that I could come up with from my work
>> on sid, jessie and wheezy. It isn't tested yet (I don't have a suitable
