Bug#785424: Re: [vbox-dev] CVE-2015-3456 aka VENOM

the VirtualBox code is inherited from Qemu but the code is not the same. Yes, we are sure the bug is fixed in VBox 4.3.28. Kind regards, Frank -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany ORACLE

Bug#785424: Re: Bug#785424: [Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution

affected? cheers, Gianfranco Il Lunedì 18 Maggio 2015 20:36, Frank Mehnert frank.mehn...@oracle.com ha scritto: Hi Gianfranco, could you also have a look here? https://www.virtualbox.org/ticket/14128#comment:1 This is regarding the 4.3.18 Jessie package. Thanks

Bug#785424: [Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution

-- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany ORACLE Deutschland B.V. Co. KG Hauptverwaltung: Riesstraße 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Komplementärin: ORACLE

Bug#775888: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

4.2.x and older) CVE-2014-0224: this is related to OpenSSL and therefore not a problem for Linux distributions as you compile your code against the distro-specific OpenSSL implementation. Frank -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox

Bug#775888: Re: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

branch. 4.3.20 (not affected at all I presume) Correct, already contains fixes for all these problems. Frank -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany Hauptverwaltung: Riesstr. 25, D-80992 München

Bug#698292: [Pkg-virtualbox-devel] Bug#698292: virtualbox: CVE-2013-0420

-1515902.html Can you contact upstream for an isolated patch to apply to Wheezy? The fix can be found in https://www.virtualbox.org/changeset/44055/vbox Please ignore the change in DevVGA.h, this change is not necessary. Kind regards, Frank -- Dr.-Ing. Frank Mehnert | Software Development

Bug#690777: [Pkg-virtualbox-devel] Bug#690777: virtualbox: CVE-2012-3221

/ Kind regards, Frank -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany Hauptverwaltung: Riesstr. 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Geschäftsführer: Jürgen Kunz

Bug#625658: [Pkg-virtualbox-devel] Bug#625658: virtualbox-ose: FTBFS for xorg-server 1.10 rebuild: ** gcc version 4.6.1 found, expected gcc 3.x with x1 or gcc 4.x with 0x5!

...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-virtualbox-devel -- ORACLE Deutschland B.V. Co. KG Dr.-Ing. Frank Mehnert Werkstrasse 24 Staff Engineer, VirtualBox 71384 Weinstadt, Germany mailto:frank.mehn...@oracle.com Hauptverwaltung

Bug#596669: [Pkg-virtualbox-devel] Bug#596669: copyright issues in virtualbox-ose-3.2.6-dfsg/src/apps/svnsync-vbox/Makefile{, .kmk}

regards, Frank -- ORACLE Deutschland B.V. Co. KG Dr.-Ing. Frank Mehnert Werkstrasse 24 Staff Engineer, VirtualBox 71384 Weinstadt, Germany mailto:frank.mehn...@oracle.com Hauptverwaltung: Riesstr. 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603

Bug#574662: virtualbox-ose-guest-x11: vboxvideo incompatible with 2.6.32-4 kernel

Should be fixed in the upcoming version 3.1.6. Fix can be found here: http://www.virtualbox.org/changeset/27248 Kind regards, Frank -- Dr.-Ing. Frank Mehnert Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten Amtsgericht München: HRB 161028

Bug#554385: [Pkg-virtualbox-devel] Bug#554385: virtualbox-ose-source does not compile for kernel 2.6.31-1

sources. Kind regards, Frank -- Dr.-Ing. Frank Mehnert Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten Amtsgericht München: HRB 161028 Geschäftsführer: Thomas Schröder, Wolfgang Engels, Wolf Frenkel Vorsitzender des Aufsichtsrates: Martin Häring signature.asc

Bug#504149: [Pkg-virtualbox-devel] Bug#504149: virtualbox-ose: symlink vulnerability due to bad /tmp handling

up /tmp/.vbox-$USER-ipc/ when exiting, which is just rude. We will fix that later. I hope our fix is sufficient. The changesets r13788, r13807, r13809, r13810 should check the permissions. These changesets should apply to 1.6.6 and 2.0 as well. Kind regards, Frank -- Dr.-Ing. Frank Mehnert

Bug#479046: [Pkg-virtualbox-devel] Bug#479046: kbuild

1.6.0-OSE builds fine here with that kBuild version (svn 1587). You really might consider backporting this fix to 1.5. Frank -- Dr.-Ing. Frank MehnertSun Microsystemshttp://www.sun.com/ signature.asc Description: This is a digitally signed message part.

Bug#304188: Does 0.6.4-4.12 work properly?

Yes, 0.6.4-4.12 (from current sarge) works if /usr is mounted via nfs. Frank -- ## Dept. of Computer Science, Dresden University of Technology, Germany ## ## http://os.inf.tu-dresden.de/~fm3 ## pgpx3H50bUnxC.pgp Description: PGP signature

Bug#296397: aspell-de broken again

Package: aspell-de Version: 0.60-20030222-1-2 Severity: grave Justification: renders package unusable aspell --lang=de -c file gives me the error Unhandled Error: The method clear is unimplemented in WritableDict. Aborted while aspell --lang=en -c file works correctly. It seems that