Your message dated Fri, 29 May 2015 07:17:07 +0000
with message-id <e1yyext-0005k5...@franck.debian.org>
and subject line Bug#785424: fixed in virtualbox 4.3.18-dfsg-3+deb8u2
has caused the Debian Bug report #785424,
regarding virtualbox: CVE-2015-3456: floppy driver host code execution
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
785424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785424
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: virtualbox
Version: 4.1.18-dfsg-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Hi,
the following vulnerability was published for virtualbox.
CVE-2015-3456[0]:
| The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and
| earlier and KVM, allows local guest users to cause a denial of service
| (out-of-bounds write and guest crash) or possibly execute arbitrary
| code via the (1) FD_CMD_READ_ID, (2)
| FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka
| VENOM.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3456
[1] http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: virtualbox
Source-Version: 4.3.18-dfsg-3+deb8u2
We believe that the bug you reported is fixed in the latest version of
virtualbox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 785...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <r...@debian.org> (supplier of updated virtualbox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 22 May 2015 16:42:03 IST
Source: virtualbox
Binary: virtualbox-qt virtualbox virtualbox-dbg virtualbox-dkms virtualbox-source virtualbox-guest-dkms virtualbox-guest-source virtualbox-guest-x11 virtualbox-guest-utils
Architecture: source all
Version: 4.3.18-dfsg-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Virtualbox Team <pkg-virtualbox-de...@lists.alioth.debian.org>
Changed-By: Ritesh Raj Sarraf <r...@debian.org>
Description:
virtualbox - x86 virtualization solution - base binaries
virtualbox-dbg - x86 virtualization solution - debugging symbols
virtualbox-dkms - x86 virtualization solution - kernel module sources for dkms
virtualbox-guest-dkms - x86 virtualization solution - guest addition module source for dk
virtualbox-guest-source - x86 virtualization solution - guest addition module source
virtualbox-guest-utils - x86 virtualization solution - non-X11 guest utilities
virtualbox-guest-x11 - x86 virtualization solution - X11 guest utilities
virtualbox-qt - x86 virtualization solution - Qt based user interface
virtualbox-source - x86 virtualization solution - kernel module source
Closes: 785424
Changes:
virtualbox (4.3.18-dfsg-3+deb8u2) jessie-security; urgency=high
.
* d/p/CVE-2015-3456.patch fix for CVE-2015-3456 a.k.a. VENOM
(Closes: #785424)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---