[Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution
Gianfranco Costamagna
costamagnagianfranco at yahoo.it
Mon May 18 16:48:13 UTC 2015
Hi
sid/testing:
- 4.3.28 is not affected (upload pending)
-jessie:
4.3.18-dfsg-3+deb8u2 is fixed in git branch jessie, with the upstream patch
http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=jessie&id=990f846aec31871952b839ed93f7963f16bceb0c
-wheezy:
4.1.18-dfsg-2+deb7u5 should be fixed in git branch wheezy with the (little changed to remove fuzz and to find the file in the right location) upstream patch
http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=wheezy&id=3426d960fc44c86b31d8755717499c83fc127194
I'm rebuilding right now them, sorry for the looooooong delay in fixing them, upstream only ack'd the patch today, and I was also on VAC for two days.
cheers,
Gianfranco
More information about the Pkg-virtualbox-devel
mailing list