Bug#785424: Re: Bug#785424: [Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution

2015-05-19 Thread Frank Mehnert
.18 affected? > > > cheers, > > Gianfranco > > > > > Il Lunedì 18 Maggio 2015 20:36, Frank Mehnert ha > scritto: Hi Gianfranco, > > could you also have a look here? > > https://www.virtualbox.org/ticket/14128#comment:1 > > Th

Bug#785424: Re: [vbox-dev] CVE-2015-3456 aka VENOM

2015-05-19 Thread Frank Mehnert
15-3456 > http://xenbits.xen.org/xsa/advisory-133.html the VirtualBox code is inherited from Qemu but the code is not the same. Yes, we are sure the bug is fixed in VBox 4.3.28. Kind regards, Frank -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. &

Bug#785424: [Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution

2015-05-18 Thread Frank Mehnert
lbox-devel mailing list > pkg-virtualbox-de...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-virtualbox-devel -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germa

Bug#775888: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

2015-01-21 Thread Frank Mehnert
is not affected (only 4.2.x and older) CVE-2014-0224: this is related to OpenSSL and therefore not a problem for Linux distributions as you compile your code against the distro-specific OpenSSL implementation. Frank -- Dr.-Ing. Frank Mehnert | Software Development Direc

Bug#775888: Re: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

2015-01-21 Thread Frank Mehnert
o these old versions. Sorry but it's not possible to support such old versions, we only support the latest versions of a specific branch. > 4.3.20 (not affected at all I presume) Correct, already contains fixes for all these problems. Frank -- Dr.-Ing. Frank Mehnert | Software

Bug#698292: [Pkg-virtualbox-devel] Bug#698292: virtualbox: CVE-2013-0420

2013-01-16 Thread Frank Mehnert
twork/topics/security/cpujan2013-1515902.html > > Can you contact upstream for an isolated patch to apply to Wheezy? The fix can be found in https://www.virtualbox.org/changeset/44055/vbox Please ignore the change in DevVGA.h, this change is not necessary. Kind regards, Frank -- Dr.-In

Bug#690777: [Pkg-virtualbox-devel] Bug#690777: virtualbox: CVE-2012-3221

2012-10-17 Thread Frank Mehnert
: http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/ Kind regards, Frank -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany Hauptverwaltung: Riesstr. 25, D-80992 München Registergericht: Amtsgericht

Bug#625658: [Pkg-virtualbox-devel] Bug#625658: virtualbox-ose: FTBFS for xorg-server 1.10 rebuild: ** gcc version 4.6.1 found, expected gcc 3.x with x>1 or gcc 4.x with 0

2011-05-05 Thread Frank Mehnert
; > > > ___ > Pkg-virtualbox-devel mailing list > pkg-virtualbox-de...@lists.alioth.debian.org > http://lists.alioth.debian.org/mailman/listinfo/pkg-virtualbox-devel -- ORACLE Deutschland B.V. & Co. KG Dr.-Ing. Frank Mehnert Wer

Bug#596669: [Pkg-virtualbox-devel] Bug#596669: copyright issues in virtualbox-ose-3.2.6-dfsg/src/apps/svnsync-vbox/Makefile{, .kmk}

2010-09-13 Thread Frank Mehnert
that it will be useful, but WITHOUT ANY WARRANTY of any kind. > # Sorry guys, these files slipped through. You can safely remove that directory from the sources as this is a tool which isn't required for building VirtualBox. Kind regards, Frank -- ORACLE Deutschland B.V. & Co. KG Dr

Bug#574662: virtualbox-ose-guest-x11: vboxvideo incompatible with 2.6.32-4 kernel

2010-03-24 Thread Frank Mehnert
Should be fixed in the upcoming version 3.1.6. Fix can be found here: http://www.virtualbox.org/changeset/27248 Kind regards, Frank -- Dr.-Ing. Frank Mehnert Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten Amtsgericht München: HRB 161028

Bug#554385: [Pkg-virtualbox-devel] Bug#554385: virtualbox-ose-source does not compile for kernel 2.6.31-1

2009-11-04 Thread Frank Mehnert
heck if you are really trying to compile the 3.0.10 sources. Kind regards, Frank -- Dr.-Ing. Frank Mehnert Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten Amtsgericht München: HRB 161028 Geschäftsführer: Thomas Schröder, Wolfgang Engels, Wolf Frenkel Vo

Bug#504149: [Pkg-virtualbox-devel] Bug#504149: virtualbox-ose: symlink vulnerability due to bad /tmp handling

2008-11-05 Thread Frank Mehnert
on to this, virtualbox does not clean up /tmp/.vbox-$USER-ipc/ > when exiting, which is just rude. We will fix that later. I hope our fix is sufficient. The changesets r13788, r13807, r13809, r13810 should check the permissions. These changesets should apply to 1.6.6 and 2.0 as well. Kind

Bug#479046: [Pkg-virtualbox-devel] Bug#479046: kbuild

2008-05-06 Thread Frank Mehnert
1.6.0-OSE builds fine here with that kBuild version (svn 1587). You really might consider backporting this fix to 1.5. Frank -- Dr.-Ing. Frank MehnertSun Microsystemshttp://www.sun.com/ signature.asc Description: This is a digitally signed message part.

Bug#304188: Does 0.6.4-4.12 work properly?

2005-04-13 Thread Frank Mehnert
Yes, 0.6.4-4.12 (from current sarge) works if /usr is mounted via nfs. Frank -- ## Dept. of Computer Science, Dresden University of Technology, Germany ## ## http://os.inf.tu-dresden.de/~fm3 ## pgpx3H50bUnxC.pgp Description: PGP signature

Bug#296397: aspell-de broken again

2005-02-22 Thread Frank Mehnert
Package: aspell-de Version: 0.60-20030222-1-2 Severity: grave Justification: renders package unusable aspell --lang=de -c gives me the error Unhandled Error: The method "clear" is unimplemented in "WritableDict". Aborted while aspell --lang=en -c works correctly. It seems that ther