[Pkg-virtualbox-devel] Bug#785424: [vbox-dev] CVE-2015-3456 aka VENOM

Gianfranco Costamagna costamagnagianfranco at yahoo.it
Tue May 19 09:17:13 UTC 2015


Hi Frank, are you sure the bug is really fixed?

the qemu patch seems to be different from the virtualbox one, and seems that the affected code is not fixed
http://git.qemu.org/?p=qemu.git;a=blobdiff;f=hw/block/fdc.c;h=d8a8edd936f42d4b1d801c996932668e456b5896;hp=f72a39216347e722496797555db9f208b0c5b4b2;hb=e907746266721f305d67bc0718795fedee2e824c;hpb=968bb75c348a401b85e08d5eb1887a3e6c3185f5


e.g.
https://security-tracker.debian.org/tracker/CVE-2015-3456
http://xenbits.xen.org/xsa/advisory-133.html



More information about the Pkg-virtualbox-devel mailing list