[Pkg-virtualbox-devel] Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

Ritesh Raj Sarraf rrs at debian.org
Tue Jan 27 09:28:14 UTC 2015


On 01/26/2015 10:51 PM, Moritz Mühlenhoff wrote:
>> Moritz,
>> > 
>> > For unstable, I've pushed the upload an d asked for an exception.
> I've added the VMSVGA fixes to the security tracker, but there are also
> two issues in "Core", which apply to wheezy/jessie:
>
> Could you please check back with upstream on CVE-2015-0377 and CVE-2015-0418?
>
> http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Frank from Oracle had mentioned that those 2 CVEs do not affect 4.3.x.
(Please see attached email).

For Wheezy, those CVE patches are included.


TO quote Frank and Gianfranco's conversation:
>> CVE-2015-0418: VBox 4.3.x is not affected (only 4.2.x and older)
>> CVE-2015-0377: VBox 4.3.x is not affected (only 4.2.x and older)
> do you have any patch for <= 4.2.x then?

Attached.



-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-virtualbox-devel/attachments/20150127/765d973b/attachment-0001.html>
-------------- next part --------------
An embedded message was scrubbed...
From: Frank Mehnert <frank.mehnert at oracle.com>
Subject: Re: Re: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
Date: Wed, 21 Jan 2015 16:03:14 +0100
Size: 16421
URL: <http://lists.alioth.debian.org/pipermail/pkg-virtualbox-devel/attachments/20150127/765d973b/attachment-0001.mht>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-virtualbox-devel/attachments/20150127/765d973b/attachment-0001.sig>


More information about the Pkg-virtualbox-devel mailing list