diff -Nru virtualbox-4.3.18-dfsg/debian/changelog virtualbox-4.3.18-dfsg/debian/changelog
--- virtualbox-4.3.18-dfsg/debian/changelog 2014-10-18 12:18:15.000000000 +0200
+++ virtualbox-4.3.18-dfsg/debian/changelog 2015-01-22 14:35:05.000000000 +0100
@@ -1,3 +1,13 @@
+virtualbox (4.3.18-dfsg-2) unstable; urgency=high
+
+ [ Frank Mehnert ]
+ * d/rules: Disable experimental code by exporting
+ VBOX_WITH_VMSVGA= VBOX_WITH_VMSVGA3D=
+ this fixes CVE-2014-6595, CVE-2014-6590, CVE-2014-6589,
+ CVE-2014-6588 and CVE-2015-0427. (Closes: #775888)
+
+ -- Gianfranco Costamagna Thu, 22 Jan 2015 10:51:40 +0100
+
 virtualbox (4.3.18-dfsg-1) unstable; urgency=medium
 
 [ Gianfranco Costamagna ]
diff -Nru virtualbox-4.3.18-dfsg/debian/rules virtualbox-4.3.18-dfsg/debian/rules
--- virtualbox-4.3.18-dfsg/debian/rules 2014-10-18 12:17:45.000000000 +0200
+++ virtualbox-4.3.18-dfsg/debian/rules 2015-01-22 14:35:05.000000000 +0100
@@ -64,7 +64,12 @@
 VBOX_BUILD_PUBLISHER=_$(DIST_NAME) \
 VBOX_WITH_REGISTRATION_REQUEST= \
 VBOX_WITH_UPDATE_REQUEST= \
- KBUILD_VERBOSE=2
+ KBUILD_VERBOSE=2 \
+ VBOX_WITH_VMSVGA= \
+ VBOX_WITH_VMSVGA3D=
+
+# VBOX_WITH_VMSVGA and VBOX_WITH_VMSVGA3D are only for versions prior to 4.3.20 to fix CVE-2014-6595, CVE-2014-6590, CVE-2014-6589, CVE-2014-6588 and CVE-2015-0427
+
 xsltproc --nonet --stringparam section.autolabel 1 \
 -o debian/README.Debian.html \