Hi Aron,
can you please also follow up on squeeze-bpo?
(might need a kbuild backport to make it build)
cheers,
(thanks)
G.
On Tuesday 27 January 2015 13:57, Aron Xu happyaron...@gmail.com wrote:
I'll follow-up in wheezy-backports this weekend, at that time it
should land in jessie
On 01/27/2015 03:51 PM, Moritz Mühlenhoff wrote:
Please find attached the debdiff. Please give me an ACK, and then I'll
do the upload.
Looks good to me. Please upload to security-master, I'll take care of
the update.
Thanks Moritz. The upload is done.
--
Ritesh Raj Sarraf |
I'll check, if that's not too complicated I'll do it.
Cheers,
Aron
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On 01/26/2015 10:51 PM, Moritz Mühlenhoff wrote:
Moritz,
For unstable, I've pushed the upload and asked for an exception.
I've added the VMSVGA fixes to the security tracker, but there are also
two issues in Core, which apply to wheezy/jessie:
Could you please check back with upstream
Hi Moritz, please read this thread carefully :)
Could you please check back with upstream on CVE-2015-0377 and CVE-2015-0418?
jessie is not affected, and wheezy already has the patch in this thread
the two CVEs are for VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, 4.2.28
so 4.3 is not affected.
On Mon, Jan 26, 2015 at 09:14:55PM +0530, Ritesh Raj Sarraf wrote:
On 01/26/2015 09:07 PM, Ritesh Raj Sarraf wrote:
On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote:
In the past someone from upstream posted the upstream commits to the
bug log, maybe you can contact them for more information
On Tue, Jan 27, 2015 at 09:53:45AM +, Gianfranco Costamagna wrote:
Hi Moritz, please read this thread carefully :)
Could you please check back with upstream on CVE-2015-0377 and CVE-2015-0418?
jessie is not affected, and wheezy already has the patch in this thread
the two CVEs are
I'll follow-up in wheezy-backports this weekend, at that time it
should land in jessie already.
Best,
Aron
On Tue, Jan 27, 2015 at 6:21 PM, Moritz Mühlenhoff j...@inutil.org wrote:
On Mon, Jan 26, 2015 at 09:14:55PM +0530, Ritesh Raj Sarraf wrote:
On 01/26/2015 09:07 PM, Ritesh Raj Sarraf
On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote:
In the past someone from upstream posted the upstream commits to the
bug log, maybe you can contact them for more information so that we
can merge the isolated fixes into the jessie version? Cheers, Moritz
Moritz,
For unstable, I've pushed
On 01/26/2015 09:07 PM, Ritesh Raj Sarraf wrote:
On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote:
In the past someone from upstream posted the upstream commits to the
bug log, maybe you can contact them for more information so that we
can merge the isolated fixes into the jessie version?
On Mon, Jan 26, 2015 at 09:07:19PM +0530, Ritesh Raj Sarraf wrote:
On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote:
In the past someone from upstream posted the upstream commits to the
bug log, maybe you can contact them for more information so that we
can merge the isolated fixes into the
Hi all,
so to sum everything up:
experimental: NOT AFFECTED.
jessie: fixed all of them by disabling the code (attached jessie-debdiff)
wheezy: fixed CVE-2015-0377, CVE-2015-0418
wheezy-bpo: I propose to backport the new 4.3.18 into bpo when it reaches
testing.
squeeze: no virtualbox there
Hi,
On Wednesday 21 January 2015 18:55:40 Ritesh Raj Sarraf wrote:
The recently declared CVEs for VBox have fixes mentioned only in the
4.3.20 release.
Debian Jessie is frozen, and for it, we have targeted the 4.3.18
release. Do you have the broken out patches that fix the vulnerabilities ?
Hi Frank,
that code only exists in VBox 4.3.x, older branches are not affected.
wonderful
Attached.
wonderful
These patches are against the latest code in the respective branches but
I hope they apply to these old versions. Sorry but it's not possible to
support such old versions, we
On Wed, Jan 21, 2015 at 01:15:53PM +0530, Ritesh Raj Sarraf wrote:
On 01/21/2015 12:53 PM, Moritz Muehlenhoff wrote:
Package: virtualbox
Severity: grave
Tags: security
Justification: user security hole
No specific details available yet:
Yes. We'll talk to the upstream folks.
s3nt fr0m a $martph0ne, excuse typ0s
On Jan 21, 2015 1:28 PM, Moritz Muehlenhoff j...@inutil.org wrote:
On Wed, Jan 21, 2015 at 01:15:53PM +0530, Ritesh Raj Sarraf wrote:
On 01/21/2015 12:53 PM, Moritz Muehlenhoff wrote:
Package: virtualbox
Hi Gianfranco,
On Wednesday 21 January 2015 14:28:53 Gianfranco Costamagna wrote:
most CVEs from that CPU are related to the experimental VMSVGA
implementation. This code is not documented and not announced and
regular users will not use it. Therefore I suggest you just disable
that
Hi Frank
most CVEs from that CPU are related to the experimental VMSVGA
implementation. This code is not documented and not announced and
regular users will not use it. Therefore I suggest you just disable
that code by setting
VBOX_WITH_VMSVGA=
VBOX_WITH_VMSVGA3D=
This will
Package: virtualbox
Severity: grave
Tags: security
Justification: user security hole
No specific details available yet:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Cheers,
Moritz
On 01/21/2015 12:53 PM, Moritz Muehlenhoff wrote:
Package: virtualbox
Severity: grave
Tags: security
Justification: user security hole
No specific details available yet:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Cheers,
Moritz
The following