[Pkg-virtualbox-devel] Bug#785424: Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution

Tue May 19 08:20:07 UTC 2015

Hi Frank, is 4.1.18 affected?

cheers,

Gianfranco

Il Lunedì 18 Maggio 2015 20:36, Frank Mehnert <frank.mehnert at oracle.com> ha scritto:
Hi Gianfranco,

could you also have a look here?

  https://www.virtualbox.org/ticket/14128#comment:1

This is regarding the 4.3.18 Jessie package.

Thanks,

Frank

On Monday 18 May 2015 16:48:13 Gianfranco Costamagna wrote:
> Hi
> 
> sid/testing:
> 
> - 4.3.28 is not affected (upload pending)
> 
> -jessie:
> 4.3.18-dfsg-3+deb8u2 is fixed in git branch jessie, with the upstream patch
> 
> http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=jessi
> e&id=990f846aec31871952b839ed93f7963f16bceb0c
> 
> -wheezy:
> 4.1.18-dfsg-2+deb7u5 should be fixed in git branch wheezy with the (little
> changed to remove fuzz and to find the file in the right location) upstream
> patch
> 
> http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=wheez
> y&id=3426d960fc44c86b31d8755717499c83fc127194
> 
> I'm rebuilding right now them, sorry for the looooooong delay in fixing
> them, upstream only ack'd the patch today, and I was also on VAC for two
> days.
> 
> 
> cheers,
> 
> Gianfranco
> 
> _______________________________________________
> Pkg-virtualbox-devel mailing list
> Pkg-virtualbox-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-virtualbox-devel

-- 
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany

ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstraße 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603

Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher