Bug#735410: marked as done (virtualbox: CVE-2013-5892 CVE-2014-0407 CVE-2014-0406 CVE-2014-0404)

[Debian Bug Tracking System]

Your message dated Sun, 16 Mar 2014 21:17:36 +0000
with message-id <e1wpir6-0000ss...@franck.debian.org>
and subject line Bug#735410: fixed in virtualbox-ose 3.2.10-dfsg-1+squeeze2
has caused the Debian Bug report #735410,
regarding virtualbox: CVE-2013-5892 CVE-2014-0407 CVE-2014-0406 CVE-2014-0404
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
735410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735410
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: virtualbox
Severity: grave
Tags: security

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Several vulnerabilities have been reported in VirtualBox. Details are scarce, so
please get in touch with upstream for more information on eventual backports
to oldstable/stable. Judging from the CVSS scores this is likely only local
denial of service, in that case we likely don't need a DSA.

CVE-2013-5892   
CVE-2014-0407
CVE-2014-0406
CVE-2014-0404

In addition CVE-2014-0405 seems to affect virtualbox-guest-additions-iso from 
non-free

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: virtualbox-ose
Source-Version: 3.2.10-dfsg-1+squeeze2

We believe that the bug you reported is fixed in the latest version of
virtualbox-ose, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 735...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fge...@debian.org> (supplier of updated virtualbox-ose package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 09 Mar 2014 20:23:51 +0100
Source: virtualbox-ose
Binary: virtualbox-ose-qt virtualbox-ose virtualbox-ose-dbg virtualbox-ose-dkms 
virtualbox-ose-source virtualbox-ose-guest-dkms virtualbox-ose-guest-source 
virtualbox-ose-guest-x11 virtualbox-ose-guest-utils virtualbox-ose-fuse
Architecture: source amd64 all
Version: 3.2.10-dfsg-1+squeeze2
Distribution: squeeze-security
Urgency: high
Maintainer: Debian Virtualbox Team 
<pkg-virtualbox-de...@lists.alioth.debian.org>
Changed-By: Felix Geyer <fge...@debian.org>
Description: 
 virtualbox-ose - x86 virtualization solution - base binaries
 virtualbox-ose-dbg - x86 virtualization solution - debugging symbols
 virtualbox-ose-dkms - x86 virtualization solution - kernel module sources for 
dkms
 virtualbox-ose-fuse - x86 virtualization solution - virtual filesystem
 virtualbox-ose-guest-dkms - x86 virtualization solution - guest addition 
module source for dk
 virtualbox-ose-guest-source - x86 virtualization solution - guest addition 
module source
 virtualbox-ose-guest-utils - x86 virtualization solution - non-X11 guest 
utilities
 virtualbox-ose-guest-x11 - x86 virtualization solution - X11 guest utilities
 virtualbox-ose-qt - x86 virtualization solution - Qt based user interface
 virtualbox-ose-source - x86 virtualization solution - kernel module source
Closes: 735410
Changes: 
 virtualbox-ose (3.2.10-dfsg-1+squeeze2) squeeze-security; urgency=high
 .
   * Apply fixes from the January 2014 security advisory. (Closes: #735410)
     - Add debian/patches/28-security-fixes-2014-01.patch
     - CVE-2013-5892, CVE-2014-0407, CVE-2014-0406, CVE-2014-0404
Checksums-Sha1: 
 136e470c81c22519d4e43bb6c6f385e96918daee 3044 
virtualbox-ose_3.2.10-dfsg-1+squeeze2.dsc
 f36d5b464ddf4fe11e5066276d4b960e8569bc02 28641481 
virtualbox-ose_3.2.10-dfsg.orig.tar.gz
 795c871ddf878c1bf7961d71e242c0d990d55766 93737 
virtualbox-ose_3.2.10-dfsg-1+squeeze2.diff.gz
 9fab8e0bf87788307a2a124f74a0b4171742b938 5000106 
virtualbox-ose-qt_3.2.10-dfsg-1+squeeze2_amd64.deb
 71f47b3ca8946f090aceeeced7475376c93d8fb6 9054028 
virtualbox-ose_3.2.10-dfsg-1+squeeze2_amd64.deb
 b3f1858141c5bacbf828eeb4347b19d79912342b 52107448 
virtualbox-ose-dbg_3.2.10-dfsg-1+squeeze2_amd64.deb
 dff8296d7840f52c8bac679a81a600a9b2ac66c2 549048 
virtualbox-ose-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 e6e767e4c3bccd029d2bd4220ca0f21991a2ac2a 470604 
virtualbox-ose-source_3.2.10-dfsg-1+squeeze2_all.deb
 a928c5962d3b9c55f47f57eb09f6456cc460e7cc 477676 
virtualbox-ose-guest-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 05299a0e93dc7c72b6ec8f348d4ebe87d37b4528 415736 
virtualbox-ose-guest-source_3.2.10-dfsg-1+squeeze2_all.deb
 9c54d9ba0c13e52490fb68a6ae72469059158c91 1407730 
virtualbox-ose-guest-x11_3.2.10-dfsg-1+squeeze2_amd64.deb
 84946509c9f0f25726b5fd40eb1feb9a57b6c0c8 513840 
virtualbox-ose-guest-utils_3.2.10-dfsg-1+squeeze2_amd64.deb
 8e4377c909904db1f2870602f06e86528429d274 39746 
virtualbox-ose-fuse_3.2.10-dfsg-1+squeeze2_amd64.deb
Checksums-Sha256: 
 95c6961e5f74c0980da4dc176bbf27b0b6821b808ad0b66e7e0a61e8b37ca07b 3044 
virtualbox-ose_3.2.10-dfsg-1+squeeze2.dsc
 28fe56081d726712338acd16f43d0e4a7324695229ab900bca02185ac2a97678 28641481 
virtualbox-ose_3.2.10-dfsg.orig.tar.gz
 a0f4b9d7428e7dad8cf23774a178f324b7f127146653c88b605e469f0bd5fe79 93737 
virtualbox-ose_3.2.10-dfsg-1+squeeze2.diff.gz
 dd53f04e0fdfd9f05e65bab7ab59d17c4d4c951a0904b250c9838b2134d8daa3 5000106 
virtualbox-ose-qt_3.2.10-dfsg-1+squeeze2_amd64.deb
 97b94660b06c137a2aed05700200e3076a26f80aa2abf18de80ba7c5e57afd80 9054028 
virtualbox-ose_3.2.10-dfsg-1+squeeze2_amd64.deb
 40e8df066a42c82dbcd6e6f7829aa51c9f6628cd1660cdda346cc6ec7e41cd09 52107448 
virtualbox-ose-dbg_3.2.10-dfsg-1+squeeze2_amd64.deb
 b8213857e36292acd2b509bed5728f55eec564e7476182a0dbe05b366a48809f 549048 
virtualbox-ose-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 0dd644d49e6f52c4cb1abcfff24c500fcb1a74d940c34f7fe32e69fffebbc65b 470604 
virtualbox-ose-source_3.2.10-dfsg-1+squeeze2_all.deb
 ecdf2cc934bfdaaa99d0e08b6d6dcb1fe01cd72ae00008362a822ad34d84d121 477676 
virtualbox-ose-guest-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 942fd3a9b533615d356d58a86f0d25848683e518c2bbbadc3dc8be6e2d585d49 415736 
virtualbox-ose-guest-source_3.2.10-dfsg-1+squeeze2_all.deb
 ae426f530281619dd26b7b4c7c86ab68fd2461053d3f270b8d4b7e39ec7aa517 1407730 
virtualbox-ose-guest-x11_3.2.10-dfsg-1+squeeze2_amd64.deb
 8b8755bbdd24b4c56f45daa47694839c2ca96af039f5cede17258feb89fa0a7c 513840 
virtualbox-ose-guest-utils_3.2.10-dfsg-1+squeeze2_amd64.deb
 dca9e0e0acac57f3191b93359aa9fe912a51a3efeb5d8c5fb7d736b168877bad 39746 
virtualbox-ose-fuse_3.2.10-dfsg-1+squeeze2_amd64.deb
Files: 
 22137e89b69a32c1bc51962dc9231566 3044 misc optional 
virtualbox-ose_3.2.10-dfsg-1+squeeze2.dsc
 ae6a33c6f2a2281e01458f8860892124 28641481 misc optional 
virtualbox-ose_3.2.10-dfsg.orig.tar.gz
 3a1b6cbccc970690ca7b344bcd326528 93737 misc optional 
virtualbox-ose_3.2.10-dfsg-1+squeeze2.diff.gz
 d06ac4475f2808a4f3579d080da1d793 5000106 misc optional 
virtualbox-ose-qt_3.2.10-dfsg-1+squeeze2_amd64.deb
 bf8cd4e55000cc99247e0091af754dc1 9054028 misc optional 
virtualbox-ose_3.2.10-dfsg-1+squeeze2_amd64.deb
 aebe62a4adc4f268612ac792331f8def 52107448 debug extra 
virtualbox-ose-dbg_3.2.10-dfsg-1+squeeze2_amd64.deb
 9ce2b998433e3e2202d39acd5b08aab6 549048 kernel optional 
virtualbox-ose-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 343c6e77f28ceeea4b2d4c6c9b2438a7 470604 kernel optional 
virtualbox-ose-source_3.2.10-dfsg-1+squeeze2_all.deb
 ed1fac8811e8ec73a570e92c1cdfbb8f 477676 kernel optional 
virtualbox-ose-guest-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 bd46c3c2bf012d425928c79282706715 415736 kernel optional 
virtualbox-ose-guest-source_3.2.10-dfsg-1+squeeze2_all.deb
 fe98f743521819504613928d5c7e2600 1407730 x11 optional 
virtualbox-ose-guest-x11_3.2.10-dfsg-1+squeeze2_amd64.deb
 fc34253c93823441e088ff41a2f913e6 513840 misc optional 
virtualbox-ose-guest-utils_3.2.10-dfsg-1+squeeze2_amd64.deb
 7ffbcc2193ceab5c2587b810c94f99b5 39746 misc optional 
virtualbox-ose-fuse_3.2.10-dfsg-1+squeeze2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTHMcdAAoJEP4ixv2DE11FM6gP/jNclBy/PFI42FfZVoTGryi4
oHjkaqufhn/sDTheleLf7E4K6QxyOTZLnMIx9hWAjhIxPy6edLsae5XPE2LsYdYP
/8xN+g2qVjdDcAIl3NRtMQyMP27FohagJP2jVdkpbfoMxvn7TRy8jeoiWjGcJhRI
uD2uzAVUYT9FVAMVE2ayFvpVR5F9Conxd5M7hIGX9fXIR0zfT60ZgLqK4VXIUg9g
HtCFon8uPwsmHyBqmNhu0TypAySxLSPQ17l4cGCVIDKFCEr21sRLBSrC3+epg21t
genVFGlraq07Lo7LlUGlp84775p09PllQKiXIERevqhOZzvE9z1P2V8ryzS0ukY9
6gi0MPb0qoJpAPsw2w9W8p0mKHXXQ1jB9NYJ/5zDGtNPB1PxLsQAHey2NM+/9kNJ
toZaUcPhkCoxeXApgHYpvWn5XEve5NaE24xWklCCDWCl/xwd7ktvTVqS5WvLWlnl
CpH9h/w5aUsITdEWakt3Rs5Zs+F6wNr7Q8XRUkrrzv09TNEymkamCOUN4al7RlGP
4zpB2tsA24r9Qne2hZAGQS4ib5qx1k5iMBWSywH9U+saNuIHeGdDAnCJU02a6RUh
/zwOvu/TxbE34wRK+ooBgS4oivUWl6MFGAaGrNalwZaiKfajQbWInpYqbd7JZwez
6Yrzwqdh+dUXPdsC5MvY
=nF8X
-----END PGP SIGNATURE-----

--- End Message ---