Bug#735410: marked as done (virtualbox: CVE-2013-5892 CVE-2014-0407 CVE-2014-0406 CVE-2014-0404)

[Debian Bug Tracking System]

Your message dated Mon, 10 Feb 2014 22:19:49 +0000
with message-id <e1wczcf-00037j...@franck.debian.org>
and subject line Bug#735410: fixed in virtualbox 4.3.6-dfsg-1
has caused the Debian Bug report #735410,
regarding virtualbox: CVE-2013-5892 CVE-2014-0407 CVE-2014-0406 CVE-2014-0404
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
735410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735410
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: virtualbox
Severity: grave
Tags: security

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Several vulnerabilities have been reported in VirtualBox. Details are scarce, so
please get in touch with upstream for more information on eventual backports
to oldstable/stable. Judging from the CVSS scores this is likely only local
denial of service, in that case we likely don't need a DSA.

CVE-2013-5892   
CVE-2014-0407
CVE-2014-0406
CVE-2014-0404

In addition CVE-2014-0405 seems to affect virtualbox-guest-additions-iso from 
non-free

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: virtualbox
Source-Version: 4.3.6-dfsg-1

We believe that the bug you reported is fixed in the latest version of
virtualbox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 735...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fge...@debian.org> (supplier of updated virtualbox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 10 Feb 2014 21:41:40 +0100
Source: virtualbox
Binary: virtualbox-qt virtualbox virtualbox-dbg virtualbox-dkms 
virtualbox-source virtualbox-guest-dkms virtualbox-guest-source 
virtualbox-guest-x11 virtualbox-guest-utils
Architecture: source amd64 all
Version: 4.3.6-dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Virtualbox Team 
<pkg-virtualbox-de...@lists.alioth.debian.org>
Changed-By: Felix Geyer <fge...@debian.org>
Description: 
 virtualbox - x86 virtualization solution - base binaries
 virtualbox-dbg - x86 virtualization solution - debugging symbols
 virtualbox-dkms - x86 virtualization solution - kernel module sources for dkms
 virtualbox-guest-dkms - x86 virtualization solution - guest addition module 
source for dk
 virtualbox-guest-source - x86 virtualization solution - guest addition module 
source
 virtualbox-guest-utils - x86 virtualization solution - non-X11 guest utilities
 virtualbox-guest-x11 - x86 virtualization solution - X11 guest utilities
 virtualbox-qt - x86 virtualization solution - Qt based user interface
 virtualbox-source - x86 virtualization solution - kernel module source
Closes: 733263 734340 735410 736459
Changes: 
 virtualbox (4.3.6-dfsg-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #733263)
     - Fixes build against Linux 3.13. (Closes: #734340)
     - Fixes several vulnerabilities. (Closes: #735410)
       CVE-2013-5892, CVE-2014-0407, CVE-2014-0406, CVE-2014-0404
   * Drop compatibility with old X11 server packages.
   * Enable hardened build flags using hardening-wrapper. The upstream build
     system ignores the *FLAGS env variables. (Closes: #736459)
   * Refresh 16-no-update.patch.
Checksums-Sha1: 
 4e68f844fd0ce7b1cf13ddefd38e8ea958375e02 3560 virtualbox_4.3.6-dfsg-1.dsc
 b2756eb2099d1493d9419f2a8574e0afc2f78a87 42418500 
virtualbox_4.3.6-dfsg.orig.tar.xz
 ddb6145d425cee809ca416e48e317107a59ea914 74368 
virtualbox_4.3.6-dfsg-1.debian.tar.xz
 0e3b04de6ed90a85473f42ec97f5714bd4c91724 4584712 
virtualbox-qt_4.3.6-dfsg-1_amd64.deb
 7388aeca40079661b2b929848cdf358c79d481a5 15489632 
virtualbox_4.3.6-dfsg-1_amd64.deb
 a9312d93535da7bb93e36d21e9dbcca8a13c9a67 64523320 
virtualbox-dbg_4.3.6-dfsg-1_amd64.deb
 f640925b24aa5bd7cd0751d238b14718b4ef3cdd 556802 
virtualbox-dkms_4.3.6-dfsg-1_all.deb
 a067bd19efcb87fbdadb18f4c1f36c3f2c2204cf 659012 
virtualbox-source_4.3.6-dfsg-1_all.deb
 1d29d8c1c7dda0bfdbabd1211247b778d4b0d823 469444 
virtualbox-guest-dkms_4.3.6-dfsg-1_all.deb
 92ca85efd8bae3e28cd28f9b1636b278ba64ce70 569380 
virtualbox-guest-source_4.3.6-dfsg-1_all.deb
 d44051d8e4f51db1ed488869fbbf35f92e77abfc 1006226 
virtualbox-guest-x11_4.3.6-dfsg-1_amd64.deb
 600d632926a78aa3e3dd655b8ae93f20ac4dc1a5 365764 
virtualbox-guest-utils_4.3.6-dfsg-1_amd64.deb
Checksums-Sha256: 
 a729fe78940f792933b836391c697dd772988b42d05139a89594c5818ea1373e 3560 
virtualbox_4.3.6-dfsg-1.dsc
 84e361a240eaec6b339258fd4eada14f81586fe531db50cc62bf253162ceb943 42418500 
virtualbox_4.3.6-dfsg.orig.tar.xz
 55a1190e7e987acdeec8d36da9a35c5c240b479d0cac86719b036022cf4d1e6e 74368 
virtualbox_4.3.6-dfsg-1.debian.tar.xz
 6cb9f1ecd08944afa73bb1f0424c106ce8ae2339cbc1e71c134567b4d6250e36 4584712 
virtualbox-qt_4.3.6-dfsg-1_amd64.deb
 423ae59c4e302bf4991197c72c3ad1ff020a32709025238de87b539bc38142d1 15489632 
virtualbox_4.3.6-dfsg-1_amd64.deb
 2655fe62ea9ba1ffb62dc4338b8f8630315cae0547de543db14e26d156764da9 64523320 
virtualbox-dbg_4.3.6-dfsg-1_amd64.deb
 29ebd081118d504cccf04c1eed928f77f3ae4717dc0e352645102a12c940cf98 556802 
virtualbox-dkms_4.3.6-dfsg-1_all.deb
 74cbe0426652024921e4d84df81dee2d2c6135df16db6ecd8bfb12c3591906b3 659012 
virtualbox-source_4.3.6-dfsg-1_all.deb
 fc162f7275cdbc0c7461f8a2a9d9d0d366b04568ab996eb28c9d7c56340d5b16 469444 
virtualbox-guest-dkms_4.3.6-dfsg-1_all.deb
 de84dd4fa4acc2d7cf0b1da151f48b94df18dc8b66f9f049609f85cbae1006bd 569380 
virtualbox-guest-source_4.3.6-dfsg-1_all.deb
 593ae20f1b1d8fc6a9f0d7f6058a08961507ad0b3a11ceebd1f5f3efafb3382e 1006226 
virtualbox-guest-x11_4.3.6-dfsg-1_amd64.deb
 63c3db848f4d9699620b0d6fbece07ea5f9e70c270c90d9e3882db9472f3a7b5 365764 
virtualbox-guest-utils_4.3.6-dfsg-1_amd64.deb
Files: 
 a49d8f62347b296f46b101dd6b13497e 3560 contrib/misc optional 
virtualbox_4.3.6-dfsg-1.dsc
 1af3d4273ae0d3daa163327fae3e3aae 42418500 contrib/misc optional 
virtualbox_4.3.6-dfsg.orig.tar.xz
 b6b5174db484c18af866b348f56cccd3 74368 contrib/misc optional 
virtualbox_4.3.6-dfsg-1.debian.tar.xz
 fcfdc8510e2527f9055fa48467b879d9 4584712 contrib/misc optional 
virtualbox-qt_4.3.6-dfsg-1_amd64.deb
 f2a9e208eab81c7df57e1bd1a6f1e7c2 15489632 contrib/misc optional 
virtualbox_4.3.6-dfsg-1_amd64.deb
 769e548b6e3f41698db2fa7187225d10 64523320 contrib/debug extra 
virtualbox-dbg_4.3.6-dfsg-1_amd64.deb
 ab852d877d92f2e722279562603dadc2 556802 contrib/kernel optional 
virtualbox-dkms_4.3.6-dfsg-1_all.deb
 5bc131dc05d627e599b5e5a1649228ba 659012 contrib/kernel optional 
virtualbox-source_4.3.6-dfsg-1_all.deb
 79878efa98de7b6c9e9266c55629dfcc 469444 contrib/kernel optional 
virtualbox-guest-dkms_4.3.6-dfsg-1_all.deb
 46bc6a9f90e0d769b0c8e17c6ab22205 569380 contrib/kernel optional 
virtualbox-guest-source_4.3.6-dfsg-1_all.deb
 e34d93d6e452a10bd65e98cdf5eead2a 1006226 contrib/x11 optional 
virtualbox-guest-x11_4.3.6-dfsg-1_amd64.deb
 751f14186f097a430d4368e9de7d8100 365764 contrib/misc optional 
virtualbox-guest-utils_4.3.6-dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJS+Ur1AAoJEP4ixv2DE11FwW0P/jxEuuWAyc96EUY3FZsBn0t4
I3mUjMSrnEYvJrP0hTeU//T37Ufv6kxnhzC2nn5VNuZrXrj9L6cipqnLF5dOe39a
4AGzjKSV/oFFPXREpbqfLy8Y46LOVTavjna5/DM8i3xdDP2XWSfOCh7sYLddjW+m
jyQjDo/BdzNJDCx76LJ1rx3eu6R8V9k2PVdZobdHpvtVYEq22fEEhwn8iSpWGkYU
Q1W7kxGKL/emxw7JMGB4UmIfhBt2TiZctZ7SIw8Y6tgHJtpD9Yq1ONz2mAKI2HYc
b51PYQ07i9xHZEeThvIuxYn81Uv0fpSM904vYArrVHGGkhaWmPXJmzf6ENfyW9yy
yIOecoskV1vmM9aCNsRHjUW224RjKW9f1uYy5uGpsgubNvuFnTQF2f/SIf6DmsWx
/QYdmdql7PMuL674+NJTx3D74bIr0JU9KyWdsjii9cV2S0+WrzXY+Qh97/nm/fAs
RX3xxDT4YXDASDSaqJsR/nT6lPAF1PalJd94U2F2Tk2DBTsDHyN3e9ZZXkEeDJyF
KsS8G8rB2DCFzlcTRnBwopxbepEZQepJGfOGWBBDBpgQ2wuR46/BJVOjHfCvLDdz
yziuIPBoxYIH51VcWHV3rGEygj5IEkoLsoJpPbIJIGUSUWy7qfmJc7K76joqdEIJ
AYdMg/FcONnWS+s+cH6s
=2SQs
-----END PGP SIGNATURE-----

--- End Message ---