Re: [SECURITY] [DSA 3359-1] virtualbox security update

2015-09-14 Thread Georgi Naplatanov
On 09/13/2015 10:47 PM, Moritz Muehlenhoff wrote: > - > Debian Security Advisory DSA-3359-1 secur...@debian.org > https://www.debian.org/security/ Moritz Muehlenhoff > September 13, 2015

Re: [SECURITY] [DSA 3359-1] virtualbox security update

2015-09-18 Thread Dirk Olsen
Am 13.09.2015 um 21:47 schrieb Moritz Muehlenhoff: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-3359-1 secur...@debian.org https://www.debian.org/security/

Re: [SECURITY] [DSA 3359-1] virtualbox security update

2015-09-18 Thread Moritz Mühlenhoff
Georgi Naplatanov schrieb: > > Dear maintainer(s), > virtualbox-guest-additions-iso package version is 4.3.18. Are you going > to update the package to version 4.3.30? The security team support doesn't support non-free. The maintainer can update it in a point update if needed. Cheers, Mo

Re: Bug#798979: [SECURITY] [DSA 3359-1] virtualbox security update

2015-09-18 Thread Gianfranco Costamagna
Hi Dirk, >your recommendation has produced bug #798979 and meanwhile 16 e-mails. >Why didn't you restrict these obviously not enough tested changes to >distributions other than "stable" and "oldstable" or at least to those >users who want to work with WiFi? As for Debian no homebanking programs

Re: Bug#798979: [SECURITY] [DSA 3359-1] virtualbox security update

2015-09-18 Thread Gianfranco Costamagna
BTW I'm mostly sure as we specified in a previous email, this problem is not related to the security DSA, but with a race condition in an upgrade path handled by apt. (probably always here, but with systemd it might be occurring more frequently). (it might have happened with a one-line patch, or

Re: Bug#798979: [SECURITY] [DSA 3359-1] virtualbox security update

2015-09-18 Thread Dirk Olsen
Am 18.09.2015 um 12:07 schrieb Gianfranco Costamagna: [...] Hi Dirk, first, you can always downgrade virtualbox, and you have plenty of google links teaching you how to cope with that. [...] Hi Gianfranco, before taking further action I would like to know whether the Debian Security Team

Re: Bug#798979: [SECURITY] [DSA 3359-1] virtualbox security update

2015-09-18 Thread Ritesh Raj Sarraf
Adding the other bug, similar to it, against Unstable. As mentioned earlier, it does look like we need to add a tighter dependency in between the dkms/source package and the main virtualbox package. I just made the changes, built, and verified locally. And it seems to be in line with my root ca

Re: Re: Bug#798979: [SECURITY] [DSA 3359-1] virtualbox security update

2015-10-03 Thread Gianfranco Costamagna
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi folks, with the Unstable/Strech fixed uploads I'm ready to ask for a DSA, to fix the virtualbox "regression" problem. Following the debdiff. Basically we fixed the circular dependency that lead to a bad behaviour during upgrades for some people.