Your message dated Fri, 22 May 2015 10:24:56 +0000
with message-id <e1yvk8o-0007sy...@franck.debian.org>
and subject line Bug#785424: fixed in virtualbox 4.3.28-dfsg-1
has caused the Debian Bug report #785424,
regarding virtualbox: CVE-2015-3456: floppy driver host code execution
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
785424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785424
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: virtualbox
Version: 4.1.18-dfsg-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Hi,
the following vulnerability was published for virtualbox.
CVE-2015-3456[0]:
| The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and
| earlier and KVM, allows local guest users to cause a denial of service
| (out-of-bounds write and guest crash) or possibly execute arbitrary
| code via the (1) FD_CMD_READ_ID, (2)
| FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka
| VENOM.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3456
[1] http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: virtualbox
Source-Version: 4.3.28-dfsg-1
We believe that the bug you reported is fixed in the latest version of
virtualbox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 785...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <r...@debian.org> (supplier of updated virtualbox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 14 May 2015 09:36:52 +0200
Source: virtualbox
Binary: virtualbox-qt virtualbox virtualbox-dbg virtualbox-dkms
 virtualbox-source virtualbox-guest-dkms virtualbox-guest-source
 virtualbox-guest-x11 virtualbox-guest-utils
Architecture: source amd64 all
Version: 4.3.28-dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Virtualbox Team <pkg-virtualbox-de...@lists.alioth.debian.org>
Changed-By: Ritesh Raj Sarraf <r...@debian.org>
Description:
 virtualbox - x86 virtualization solution - base binaries
 virtualbox-dbg - x86 virtualization solution - debugging symbols
 virtualbox-dkms - x86 virtualization solution - kernel module sources for dkms
 virtualbox-guest-dkms - x86 virtualization solution - guest addition module source for dk
 virtualbox-guest-source - x86 virtualization solution - guest addition module source
 virtualbox-guest-utils - x86 virtualization solution - non-X11 guest utilities
 virtualbox-guest-x11 - x86 virtualization solution - X11 guest utilities
 virtualbox-qt - x86 virtualization solution - Qt based user interface
 virtualbox-source - x86 virtualization solution - kernel module source
Closes: 785161 785424 785655
Changes:
 virtualbox (4.3.28-dfsg-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #785655).
     - fix for CVE-2015-3456 a.k.a. VENOM (Closes: #785424)
     - patch refresh.
     - remove d/p/37-diff_smap_4.patch.
   * Remove MAKE=kmk on virtualbox{,-guest}-source.files/rules
     (Closes: #785161).
     Upstream doesn't recommend using kmk to build kernel modules.
     this reverts 63fa6b7b86035b53e8d053b894814eccac9ce595
   * Add gbp.conf file.
--- End Message ---