[Pkg-virtualbox-devel] Bug#798979: [SECURITY] [DSA 3359-1] virtualbox security update

Dirk Olsen dirk-olsen at online.de
Fri Sep 18 09:38:04 UTC 2015 

Am 13.09.2015 um 21:47 schrieb Moritz Muehlenhoff:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3359-1                   security at debian.org
> https://www.debian.org/security/                       Moritz Muehlenhoff
> September 13, 2015                    https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : virtualbox
> CVE ID         : CVE-2015-2594
>
> This update fixes an unspecified security issue in VirtualBox related to
> guests using bridged networking via WiFi. Oracle no longer provides
> information on specific security vulnerabilities in VirtualBox. To still
> support users of the already released Debian releases we've decided to
> update these to the respective 4.1.40 and 4.3.30 bugfix releases.
>
> For the oldstable distribution (wheezy), this problem has been fixed
> in version 4.1.40-dfsg-1+deb7u1.
>
> For the stable distribution (jessie), this problem has been fixed in
> version 4.3.30-dfsg-1+deb8u1.
>
> For the testing distribution (stretch), this problem has been fixed
> in version 4.3.30-dfsg-1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 4.3.30-dfsg-1.
>
> We recommend that you upgrade your virtualbox packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce at lists.debian.org
> -----BEGIN PGP SIGNATURE-----
>[.......]
>
> -----END PGP SIGNATURE-----

Hi,

your recommendation has produced bug #798979 and meanwhile 16 e-mails.
Why didn't you restrict these obviously not enough tested changes to 
distributions other than "stable" and "oldstable" or at least to those 
users who want to work with WiFi? As for Debian no homebanking programs 
are available which are able to handle with my RSA-chipcard, I am thrown 
on Windows under VirtualBox. If a new installation of the VM will be 
necessary I may be confronted with the loss of all my homebanking data, 
what an awful idea!

Dirk Olsen

More information about the Pkg-virtualbox-devel mailing list