This bug was fixed in the package virtualbox-lts-xenial -
4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1~14.04.6
---
virtualbox-lts-xenial (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1~14.04.6) trusty;
urgency=medium
* debian/patches/fix-for-guest-to-host-escape-vulnerability.patch:
- Apply patch
** Also affects: virtualbox (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: virtualbox (Ubuntu Xenial)
Importance: Undecided => High
** Changed in: virtualbox (Ubuntu Xenial)
Status: New => Fix Released
--
You received this bug notification because you are a
I confirm the patch is there, the package build and the packaging is in
sync with vbox trusty now.
the CVE is probably not exploitable with lts-xenial because only guest
tools are built, so the verification is not useful/possible.
** Tags removed: verification-needed verification-needed-trusty
*
** Also affects: virtualbox (Ubuntu Cosmic)
Importance: Undecided
Status: New
** Changed in: virtualbox (Ubuntu Cosmic)
Status: New => Fix Released
** Changed in: virtualbox (Ubuntu Cosmic)
Importance: Undecided => High
** Also affects: virtualbox (Ubuntu Bionic)
Importanc
Hello Martin, or anyone else affected,
Accepted virtualbox-lts-xenial into trusty-proposed. The package will
build now and be available at https://launchpad.net/ubuntu/+source
/virtualbox-lts-xenial/4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1~14.04.6 in a
few hours, and then in the -proposed repository.
This bug was fixed in the package virtualbox -
5.2.18-dfsg-2~ubuntu18.04.3
---
virtualbox (5.2.18-dfsg-2~ubuntu18.04.3) bionic-security; urgency=medium
* debian/patches/fix-for-guest-to-host-escape-vulnerability.patch:
- Apply patch for guest-to-host escape vulnerability (LP: #1
This bug was fixed in the package virtualbox - 5.2.18-dfsg-
2ubuntu18.10.1
---
virtualbox (5.2.18-dfsg-2ubuntu18.10.1) cosmic-security; urgency=medium
* debian/patches/fix-for-guest-to-host-escape-vulnerability.patch:
- Apply patch for guest-to-host escape vulnerability (LP: #18
This bug was fixed in the package virtualbox -
4.3.36-dfsg-1+deb8u1ubuntu1.14.04.2
---
virtualbox (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.2) trusty-security; urgency=medium
* debian/patches/fix-for-guest-to-host-escape-vulnerability.patch:
- Apply patch for guest-to-host escape vulne
for trusty, as you wish! my update is based on this one, so better go
ahead with this fix and wait for the other to land later, or go ahead
with the other and avoid this upload, as you want!
the 4.3.40 update contains this fix, so you can use the approach you
prefer.
I would say since this is mos
It truly does!
Thanks for the debdiffs.
Regarding trusty, my colleague mentioned that you will do a version update,
does it include this fix or should I update trusty anyway?
Thanks again
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the
did I already say how java makes our life look sad?
new revision attached.
** Patch added: "vbox-cosmic3.debdiff"
https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1809156/+attachment/5231086/+files/vbox-cosmic3.debdiff
--
You received this bug notification because you are a member
Hello Eduardo:
I was wondering if anyone had version 5.2.18-dfsg-2 installed and didn't do
updates ever since, but this is a rare case.
that version is the base in cosmic, so if anybody has it installed is not on
xenial anymore...
please don't make confusion between 5.0.18 and 5.2.18 :)
If you l
Hi Gianfranco,
>It is possible that the current version 5.2.18-dfsg-2~ubuntu18.04.1 is not
>installed on some systems.
>> how?
I was wondering if anyone had version 5.2.18-dfsg-2 installed and didn't
do updates ever since, but this is a rare case.
>>5.2.18-dfsg-2~ubuntu18.04.1 updates (multiver
>5.2.18-dfsg-2ubuntu18.04.2 will supersede 5.2.18-dfsg-2 (if anyone
still have it installed) and will supersede 5.2.18-dfsg-2~ubuntu18.04.1
(incorrect version number).
the version number is *not* incorrect.
it has been used as "backport", because cosmic had the same version, so it was
used to mai
5.2.18-dfsg-2~ubuntu18.04.1 updates (multiverse)2018-11-26
5.2.10-dfsg-6 release (multiverse)2018-04-27
it should be there, and in any case, 5.2.18-dfsg-2~ubuntu18.04.2 will
guarantee the upgrade path from bionic/release, previous ubuntu
releases, and upgrades to cosmic release/upda
>It is possible that the current version 5.2.18-dfsg-2~ubuntu18.04.1 is
not installed on some systems.
how?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1809156
Title:
E1000 guest to host
Hi Giangranco,
Thanks for providing debdiffs for the trusty and xenial!
Regarding the version on bionic, it will be 5.2.18-dfsg-2ubuntu18.04.2.
It is possible that the current version 5.2.18-dfsg-2~ubuntu18.04.1 is
not installed on some systems.
5.2.18-dfsg-2ubuntu18.04.2 will supersede 5.2.18-
xenial debdiff
** Patch added: "vbox-xenial.debdiff"
https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1809156/+attachment/5229948/+files/vbox-xenial.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://
cosmic debdiff
** Patch added: "vbox-cosmic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1809156/+attachment/5229950/+files/vbox-cosmic.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://
trusty debdiff
** Patch added: "vbox-trusty.debdiff"
https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1809156/+attachment/5229947/+files/vbox-trusty.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://
bionic debdiff
** Patch added: "vbox-bionic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1809156/+attachment/5229949/+files/vbox-bionic.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://
@ebarretto I would prefer it to be called something like:
5.2.18-dfsg-3~ubuntu18.04.2 instead, just bumping the last number.
trusty: 4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1 ->
4.3.36-dfsg-1+deb8u1ubuntu1.14.04.2
xenial: 5.1.38-dfsg-0ubuntu1.16.04.1 -> 5.1.38-dfsg-0ubuntu1.16.04.2
bionic: 5.2.18-d
Hello, the patch looks correct
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1809156
Title:
E1000 guest to host escape
To manage notifications about this bug go to:
https://bugs.launchpad.n
Thanks for testing!!
Great catch on the versioning.
It actually needs to be 5.2.18-dfsg-2ubuntu18.14.2 (it could also be
5.2.18-dfsg-2ubuntu18.14.1, but I think this will be confusing for those
who check the changelog).
It can't be 5.2.18-dfsg-3~ubuntu18.14.1 because that would mean that we
are
The package seems to work correctly. Note however that I had to confirm
to downgrade when installing the package on cosmic. Turns out something
is wrong with the version numbers in the changelog file:
$ zgrep virtualbox /usr/share/doc/virtualbox/changelog.Debian.gz | head -3
virtualbox (5.2.18-dfs
** Changed in: virtualbox (Ubuntu)
Status: Confirmed => In Progress
** Changed in: virtualbox (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/180
Hi Martin,
Thanks for providing a debdiff!
I've done some slight changes to it so it could be applied to bionic.
We built it on our PPA, could please test it?
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
We will be uploading to that same PPA a new version for co
** Patch added: "virtualbox_5.2.18-dfsg-3.debdiff"
https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1809156/+attachment/5227298/+files/virtualbox_5.2.18-dfsg-3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report
The attachment "virtualbox_5.2.18-dfsg-3.debdiff" seems to be a debdiff.
The ubuntu-sponsors team has been subscribed to the bug report so that
they can review and hopefully sponsor the debdiff. If the attachment
isn't a patch, please remove the "patch" flag from the attachment,
remove the "patch"
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: virtualbox (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1809156
Thanks Martin; someone will probably give this a good look next week. In
the meantime, I noticed that the patch doesn't indicate who authored the
patch or where it came from -- could you amend the debdiff to include an
URL where the upstream patch could be compared? (Best is to use the
dep-3 tags:
31 matches
Mail list logo