Hi, I've recently released some more detailed information on these CVEs that can hopefully help out; see <http://seclists.org/fulldisclosure/2014/Feb/48>.
(In addition, another author has written up <http://seclists.org/dailydave/2014/q1/21> about CVE-2013-5892.)

In summary:

CVE-2013-5892 = guest root -> host user mode (at minimum) code execution
CVE-2014-0407 = host userspace information leak to guest root
CVE-2014-0405 = guest user mode -> guest kernel mode code execution (Windows guests with the additions driver (in virtualbox-guest-additions-iso in non-free) only, as has already been brought up)
CVE-2014-0406 = DoS (via out-of-bounds read) of host VBox process by guest root
CVE-2014-0404 = DoS (via triggering of incorrect assertion) of host VBox process by guest root

- Matthew