Hi Gianfranco, On Tuesday 19 May 2015 09:17:13 Gianfranco Costamagna wrote: > Hi Frank, are you sure the bug is really fixed? > > the qemu patch seems to be different from the virtualbox one, and seems that > the affected code is not fixed > http://git.qemu.org/?p=qemu.git;a=blobdiff;f=hw/block/fdc.c;h=d8a8edd936f42 > d4b1d801c996932668e456b5896;hp=f72a39216347e722496797555db9f208b0c5b4b2;hb=e > 907746266721f305d67bc0718795fedee2e824c;hpb=968bb75c348a401b85e08d5eb1887a3e > 6c3185f5 > > > e.g. > https://security-tracker.debian.org/tracker/CVE-2015-3456 > http://xenbits.xen.org/xsa/advisory-133.html
the VirtualBox code is inherited from Qemu but the code is not the same. Yes, we are sure the bug is fixed in VBox 4.3.28. Kind regards, Frank -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany ORACLE Deutschland B.V. & Co. KG Hauptverwaltung: Riesstraße 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Komplementärin: ORACLE Deutschland Verwaltung B.V. Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
