virtualbox: CVE-2013-5892 CVE-2014-0407 CVE-2014-0406 CVE-2014-0404

Debian Bug report logs - #735410
virtualbox: CVE-2013-5892 CVE-2014-0407 CVE-2014-0406 CVE-2014-0404

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: virtualbox: CVE-2013-5892 CVE-2014-0407 CVE-2014-0406 CVE-2014-0404

Date: Wed, 15 Jan 2014 09:19:56 +0100

Package: virtualbox
Severity: grave
Tags: security

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Several vulnerabilities have been reported in VirtualBox. Details are scarce, so
please get in touch with upstream for more information on eventual backports
to oldstable/stable. Judging from the CVSS scores this is likely only local
denial of service, in that case we likely don't need a DSA.

CVE-2013-5892   
CVE-2014-0407
CVE-2014-0406
CVE-2014-0404

In addition CVE-2014-0405 seems to affect virtualbox-guest-additions-iso from non-free

Cheers,
        Moritz

Message #10 received at 735410@bugs.debian.org (full text, mbox, reply):

From: Felix Geyer <fgeyer@debian.org>

To: Moritz Muehlenhoff <jmm@inutil.org>, 735410@bugs.debian.org

Subject: Re: Bug#735410: virtualbox: CVE-2013-5892 CVE-2014-0407 CVE-2014-0406 CVE-2014-0404

Date: Tue, 28 Jan 2014 22:26:06 +0100

[Message part 1 (text/plain, inline)]

On 15.01.2014 09:19, Moritz Muehlenhoff wrote:
> Package: virtualbox
> Severity: grave
> Tags: security
> 
> http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
> 
> Several vulnerabilities have been reported in VirtualBox. Details are scarce, so
> please get in touch with upstream for more information on eventual backports
> to oldstable/stable. Judging from the CVSS scores this is likely only local
> denial of service, in that case we likely don't need a DSA.
> 
> CVE-2013-5892   
> CVE-2014-0407
> CVE-2014-0406
> CVE-2014-0404

Upstream kindly provided a patch that fixes the 4 CVEs. Attached are yet untested
debdiffs for wheezy and squeeze.
Do you want to handle this through a security update?
According to upstream the vulnerabilities are mostly about users on the VM being able
to crash their VM. No ways to execute code on the host are known.

> In addition CVE-2014-0405 seems to affect virtualbox-guest-additions-iso from non-free

I guess we can't really fix that. The only option would be to upgrade the package
to 4.1.30 / 3.2.12.

Regards,
Felix

[virtualbox_4.1.18-dfsg-2+deb7u2.debdiff (text/plain, attachment)]

[virtualbox-ose_3.2.10-dfsg-1+squeeze2.debdiff (text/plain, attachment)]

[signature.asc (application/pgp-signature, attachment)]

Message #15 received at 735410@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Felix Geyer <fgeyer@debian.org>

Cc: 735410@bugs.debian.org

Subject: Re: Bug#735410: virtualbox: CVE-2013-5892 CVE-2014-0407 CVE-2014-0406 CVE-2014-0404

Date: Wed, 29 Jan 2014 08:56:19 +0100

On Tue, Jan 28, 2014 at 10:26:06PM +0100, Felix Geyer wrote:
> Do you want to handle this through a security update?
> According to upstream the vulnerabilities are mostly about users on the VM being able
> to crash their VM. No ways to execute code on the host are known.

I that case we don't need a DSA 

Could you fix this in a point release?
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable

Cheers,
        Moritz

Message #20 received at 735410@bugs.debian.org (full text, mbox, reply):

From: Matthew Daley <mattd@bugfuzz.com>

To: 735410@bugs.debian.org

Subject: Information on recent VBox CVEs

Date: Sun, 9 Feb 2014 01:14:08 +1300

Hi,

I've recently released some more detailed information on these CVEs
that can hopefully help out; see
<http://seclists.org/fulldisclosure/2014/Feb/48>.

(In addition, another author has written up
<http://seclists.org/dailydave/2014/q1/21> about CVE-2013-5892.)

In summary:

CVE-2013-5892 = guest root -> host user mode (at minimum) code execution
CVE-2014-0407 = host userspace information leak to guest root
CVE-2014-0405 = guest user mode -> guest kernel mode code execution
(Windows guests with the additions driver (in
virtualbox-guest-additions-iso in non-free) only, as has already been
brought up)
CVE-2014-0406 = DoS (via out-of-bounds read) of host VBox process by guest root
CVE-2014-0404 = DoS (via triggering of incorrect assertion) of host
VBox process by guest root

- Matthew

Message #25 received at 735410@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>

To: Matthew Daley <mattd@bugfuzz.com>

Cc: 735410@bugs.debian.org

Subject: Re: Information on recent VBox CVEs

Date: Sun, 9 Feb 2014 02:04:55 +0100

On Sun, Feb 09, 2014 at 01:14:08AM +1300, Matthew Daley wrote:
> Hi,
> 
> I've recently released some more detailed information on these CVEs
> that can hopefully help out; see
> <http://seclists.org/fulldisclosure/2014/Feb/48>.

Saw that, thanks for following up in the bug log.

Felix, given that the scope is actually broader than local DoS
we should handle this via -security.

Cheers,
        Moritz

Message #30 received at 735410-close@bugs.debian.org (full text, mbox, reply):

From: Felix Geyer <fgeyer@debian.org>

To: 735410-close@bugs.debian.org

Subject: Bug#735410: fixed in virtualbox 4.3.6-dfsg-1

Date: Mon, 10 Feb 2014 22:19:49 +0000

Source: virtualbox
Source-Version: 4.3.6-dfsg-1

We believe that the bug you reported is fixed in the latest version of
virtualbox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 735410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fgeyer@debian.org> (supplier of updated virtualbox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 10 Feb 2014 21:41:40 +0100
Source: virtualbox
Binary: virtualbox-qt virtualbox virtualbox-dbg virtualbox-dkms virtualbox-source virtualbox-guest-dkms virtualbox-guest-source virtualbox-guest-x11 virtualbox-guest-utils
Architecture: source amd64 all
Version: 4.3.6-dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
Changed-By: Felix Geyer <fgeyer@debian.org>
Description: 
 virtualbox - x86 virtualization solution - base binaries
 virtualbox-dbg - x86 virtualization solution - debugging symbols
 virtualbox-dkms - x86 virtualization solution - kernel module sources for dkms
 virtualbox-guest-dkms - x86 virtualization solution - guest addition module source for dk
 virtualbox-guest-source - x86 virtualization solution - guest addition module source
 virtualbox-guest-utils - x86 virtualization solution - non-X11 guest utilities
 virtualbox-guest-x11 - x86 virtualization solution - X11 guest utilities
 virtualbox-qt - x86 virtualization solution - Qt based user interface
 virtualbox-source - x86 virtualization solution - kernel module source
Closes: 733263 734340 735410 736459
Changes: 
 virtualbox (4.3.6-dfsg-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #733263)
     - Fixes build against Linux 3.13. (Closes: #734340)
     - Fixes several vulnerabilities. (Closes: #735410)
       CVE-2013-5892, CVE-2014-0407, CVE-2014-0406, CVE-2014-0404
   * Drop compatibility with old X11 server packages.
   * Enable hardened build flags using hardening-wrapper. The upstream build
     system ignores the *FLAGS env variables. (Closes: #736459)
   * Refresh 16-no-update.patch.
Checksums-Sha1: 
 4e68f844fd0ce7b1cf13ddefd38e8ea958375e02 3560 virtualbox_4.3.6-dfsg-1.dsc
 b2756eb2099d1493d9419f2a8574e0afc2f78a87 42418500 virtualbox_4.3.6-dfsg.orig.tar.xz
 ddb6145d425cee809ca416e48e317107a59ea914 74368 virtualbox_4.3.6-dfsg-1.debian.tar.xz
 0e3b04de6ed90a85473f42ec97f5714bd4c91724 4584712 virtualbox-qt_4.3.6-dfsg-1_amd64.deb
 7388aeca40079661b2b929848cdf358c79d481a5 15489632 virtualbox_4.3.6-dfsg-1_amd64.deb
 a9312d93535da7bb93e36d21e9dbcca8a13c9a67 64523320 virtualbox-dbg_4.3.6-dfsg-1_amd64.deb
 f640925b24aa5bd7cd0751d238b14718b4ef3cdd 556802 virtualbox-dkms_4.3.6-dfsg-1_all.deb
 a067bd19efcb87fbdadb18f4c1f36c3f2c2204cf 659012 virtualbox-source_4.3.6-dfsg-1_all.deb
 1d29d8c1c7dda0bfdbabd1211247b778d4b0d823 469444 virtualbox-guest-dkms_4.3.6-dfsg-1_all.deb
 92ca85efd8bae3e28cd28f9b1636b278ba64ce70 569380 virtualbox-guest-source_4.3.6-dfsg-1_all.deb
 d44051d8e4f51db1ed488869fbbf35f92e77abfc 1006226 virtualbox-guest-x11_4.3.6-dfsg-1_amd64.deb
 600d632926a78aa3e3dd655b8ae93f20ac4dc1a5 365764 virtualbox-guest-utils_4.3.6-dfsg-1_amd64.deb
Checksums-Sha256: 
 a729fe78940f792933b836391c697dd772988b42d05139a89594c5818ea1373e 3560 virtualbox_4.3.6-dfsg-1.dsc
 84e361a240eaec6b339258fd4eada14f81586fe531db50cc62bf253162ceb943 42418500 virtualbox_4.3.6-dfsg.orig.tar.xz
 55a1190e7e987acdeec8d36da9a35c5c240b479d0cac86719b036022cf4d1e6e 74368 virtualbox_4.3.6-dfsg-1.debian.tar.xz
 6cb9f1ecd08944afa73bb1f0424c106ce8ae2339cbc1e71c134567b4d6250e36 4584712 virtualbox-qt_4.3.6-dfsg-1_amd64.deb
 423ae59c4e302bf4991197c72c3ad1ff020a32709025238de87b539bc38142d1 15489632 virtualbox_4.3.6-dfsg-1_amd64.deb
 2655fe62ea9ba1ffb62dc4338b8f8630315cae0547de543db14e26d156764da9 64523320 virtualbox-dbg_4.3.6-dfsg-1_amd64.deb
 29ebd081118d504cccf04c1eed928f77f3ae4717dc0e352645102a12c940cf98 556802 virtualbox-dkms_4.3.6-dfsg-1_all.deb
 74cbe0426652024921e4d84df81dee2d2c6135df16db6ecd8bfb12c3591906b3 659012 virtualbox-source_4.3.6-dfsg-1_all.deb
 fc162f7275cdbc0c7461f8a2a9d9d0d366b04568ab996eb28c9d7c56340d5b16 469444 virtualbox-guest-dkms_4.3.6-dfsg-1_all.deb
 de84dd4fa4acc2d7cf0b1da151f48b94df18dc8b66f9f049609f85cbae1006bd 569380 virtualbox-guest-source_4.3.6-dfsg-1_all.deb
 593ae20f1b1d8fc6a9f0d7f6058a08961507ad0b3a11ceebd1f5f3efafb3382e 1006226 virtualbox-guest-x11_4.3.6-dfsg-1_amd64.deb
 63c3db848f4d9699620b0d6fbece07ea5f9e70c270c90d9e3882db9472f3a7b5 365764 virtualbox-guest-utils_4.3.6-dfsg-1_amd64.deb
Files: 
 a49d8f62347b296f46b101dd6b13497e 3560 contrib/misc optional virtualbox_4.3.6-dfsg-1.dsc
 1af3d4273ae0d3daa163327fae3e3aae 42418500 contrib/misc optional virtualbox_4.3.6-dfsg.orig.tar.xz
 b6b5174db484c18af866b348f56cccd3 74368 contrib/misc optional virtualbox_4.3.6-dfsg-1.debian.tar.xz
 fcfdc8510e2527f9055fa48467b879d9 4584712 contrib/misc optional virtualbox-qt_4.3.6-dfsg-1_amd64.deb
 f2a9e208eab81c7df57e1bd1a6f1e7c2 15489632 contrib/misc optional virtualbox_4.3.6-dfsg-1_amd64.deb
 769e548b6e3f41698db2fa7187225d10 64523320 contrib/debug extra virtualbox-dbg_4.3.6-dfsg-1_amd64.deb
 ab852d877d92f2e722279562603dadc2 556802 contrib/kernel optional virtualbox-dkms_4.3.6-dfsg-1_all.deb
 5bc131dc05d627e599b5e5a1649228ba 659012 contrib/kernel optional virtualbox-source_4.3.6-dfsg-1_all.deb
 79878efa98de7b6c9e9266c55629dfcc 469444 contrib/kernel optional virtualbox-guest-dkms_4.3.6-dfsg-1_all.deb
 46bc6a9f90e0d769b0c8e17c6ab22205 569380 contrib/kernel optional virtualbox-guest-source_4.3.6-dfsg-1_all.deb
 e34d93d6e452a10bd65e98cdf5eead2a 1006226 contrib/x11 optional virtualbox-guest-x11_4.3.6-dfsg-1_amd64.deb
 751f14186f097a430d4368e9de7d8100 365764 contrib/misc optional virtualbox-guest-utils_4.3.6-dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJS+Ur1AAoJEP4ixv2DE11FwW0P/jxEuuWAyc96EUY3FZsBn0t4
I3mUjMSrnEYvJrP0hTeU//T37Ufv6kxnhzC2nn5VNuZrXrj9L6cipqnLF5dOe39a
4AGzjKSV/oFFPXREpbqfLy8Y46LOVTavjna5/DM8i3xdDP2XWSfOCh7sYLddjW+m
jyQjDo/BdzNJDCx76LJ1rx3eu6R8V9k2PVdZobdHpvtVYEq22fEEhwn8iSpWGkYU
Q1W7kxGKL/emxw7JMGB4UmIfhBt2TiZctZ7SIw8Y6tgHJtpD9Yq1ONz2mAKI2HYc
b51PYQ07i9xHZEeThvIuxYn81Uv0fpSM904vYArrVHGGkhaWmPXJmzf6ENfyW9yy
yIOecoskV1vmM9aCNsRHjUW224RjKW9f1uYy5uGpsgubNvuFnTQF2f/SIf6DmsWx
/QYdmdql7PMuL674+NJTx3D74bIr0JU9KyWdsjii9cV2S0+WrzXY+Qh97/nm/fAs
RX3xxDT4YXDASDSaqJsR/nT6lPAF1PalJd94U2F2Tk2DBTsDHyN3e9ZZXkEeDJyF
KsS8G8rB2DCFzlcTRnBwopxbepEZQepJGfOGWBBDBpgQ2wuR46/BJVOjHfCvLDdz
yziuIPBoxYIH51VcWHV3rGEygj5IEkoLsoJpPbIJIGUSUWy7qfmJc7K76joqdEIJ
AYdMg/FcONnWS+s+cH6s
=2SQs
-----END PGP SIGNATURE-----

Message #35 received at 735410@bugs.debian.org (full text, mbox, reply):

From: Felix Geyer <fgeyer@debian.org>

To: Moritz Mühlenhoff <jmm@inutil.org>, 735410@bugs.debian.org

Subject: Re: Bug#735410: Information on recent VBox CVEs

Date: Sun, 09 Mar 2014 18:51:56 +0100

Hi,

On 09.02.2014 02:04, Moritz Mühlenhoff wrote:
> On Sun, Feb 09, 2014 at 01:14:08AM +1300, Matthew Daley wrote:
>> Hi,
>>
>> I've recently released some more detailed information on these CVEs
>> that can hopefully help out; see
>> <http://seclists.org/fulldisclosure/2014/Feb/48>.
> 
> Saw that, thanks for following up in the bug log.
> 
> Felix, given that the scope is actually broader than local DoS
> we should handle this via -security.

I finally got around to test the fixed packages for squeeze and wheezy.
Sorry it took so long ...

The debdiffs I posted to this bug work fine.
From my perspective they can be pushed to the security archive.
Please let me know if you want me to upload them.

Cheers,
Felix

Message #40 received at 735410@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Felix Geyer <fgeyer@debian.org>

Cc: 735410@bugs.debian.org

Subject: Re: Bug#735410: Information on recent VBox CVEs

Date: Sun, 9 Mar 2014 19:20:59 +0100

On Sun, Mar 09, 2014 at 06:51:56PM +0100, Felix Geyer wrote:
> Hi,
> 
> On 09.02.2014 02:04, Moritz Mühlenhoff wrote:
> > On Sun, Feb 09, 2014 at 01:14:08AM +1300, Matthew Daley wrote:
> >> Hi,
> >>
> >> I've recently released some more detailed information on these CVEs
> >> that can hopefully help out; see
> >> <http://seclists.org/fulldisclosure/2014/Feb/48>.
> > 
> > Saw that, thanks for following up in the bug log.
> > 
> > Felix, given that the scope is actually broader than local DoS
> > we should handle this via -security.
> 
> I finally got around to test the fixed packages for squeeze and wheezy.
> Sorry it took so long ...
> 
> The debdiffs I posted to this bug work fine.
> From my perspective they can be pushed to the security archive.
> Please let me know if you want me to upload them.

Please upload to security-master

Cheers,
        Moritz

Message #45 received at 735410-close@bugs.debian.org (full text, mbox, reply):

From: Felix Geyer <fgeyer@debian.org>

To: 735410-close@bugs.debian.org

Subject: Bug#735410: fixed in virtualbox 4.1.18-dfsg-2+deb7u2

Date: Sun, 16 Mar 2014 18:47:16 +0000

Source: virtualbox
Source-Version: 4.1.18-dfsg-2+deb7u2

We believe that the bug you reported is fixed in the latest version of
virtualbox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 735410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fgeyer@debian.org> (supplier of updated virtualbox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 09 Mar 2014 19:46:52 +0100
Source: virtualbox
Binary: virtualbox-qt virtualbox virtualbox-dbg virtualbox-dkms virtualbox-source virtualbox-guest-dkms virtualbox-guest-source virtualbox-guest-x11 virtualbox-guest-utils virtualbox-fuse virtualbox-ose-qt virtualbox-ose virtualbox-ose-dbg virtualbox-ose-dkms virtualbox-ose-source virtualbox-ose-guest-dkms virtualbox-ose-guest-source virtualbox-ose-guest-x11 virtualbox-ose-guest-utils virtualbox-ose-fuse
Architecture: source amd64 all
Version: 4.1.18-dfsg-2+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
Changed-By: Felix Geyer <fgeyer@debian.org>
Description: 
 virtualbox - x86 virtualization solution - base binaries
 virtualbox-dbg - x86 virtualization solution - debugging symbols
 virtualbox-dkms - x86 virtualization solution - kernel module sources for dkms
 virtualbox-fuse - x86 virtualization solution - virtual filesystem
 virtualbox-guest-dkms - x86 virtualization solution - guest addition module source for dk
 virtualbox-guest-source - x86 virtualization solution - guest addition module source
 virtualbox-guest-utils - x86 virtualization solution - non-X11 guest utilities
 virtualbox-guest-x11 - x86 virtualization solution - X11 guest utilities
 virtualbox-ose - transitional package for virtualbox
 virtualbox-ose-dbg - transitional package for virtualbox-dbg
 virtualbox-ose-dkms - transitional package for virtualbox-dkms
 virtualbox-ose-fuse - transitional package for virtualbox-fuse
 virtualbox-ose-guest-dkms - transitional package for virtualbox-guest-dkms
 virtualbox-ose-guest-source - transitional package for virtualbox-guest-source
 virtualbox-ose-guest-utils - transitional package for virtualbox-guest-utils
 virtualbox-ose-guest-x11 - transitional package for virtualbox-guest-x11
 virtualbox-ose-qt - transitional package for virtualbox-qt
 virtualbox-ose-source - transitional package for virtualbox-source
 virtualbox-qt - x86 virtualization solution - Qt based user interface
 virtualbox-source - x86 virtualization solution - kernel module source
Closes: 735410
Changes: 
 virtualbox (4.1.18-dfsg-2+deb7u2) wheezy-security; urgency=high
 .
   * Apply fixes from the January 2014 security advisory. (Closes: #735410)
     - Add debian/patches/38-security-fixes-2014-01.patch
     - CVE-2013-5892, CVE-2014-0407, CVE-2014-0406, CVE-2014-0404
Checksums-Sha1: 
 f7094be2a60fa4c247bd8a9ffba028de0dd8bb1e 4113 virtualbox_4.1.18-dfsg-2+deb7u2.dsc
 c78e4fd5fbf5b6579ae6c5aa3d88b85d47e82de4 33362880 virtualbox_4.1.18-dfsg.orig.tar.xz
 2d27670d10cbf33d8f62eb4058636083a76c8eb1 100430 virtualbox_4.1.18-dfsg-2+deb7u2.debian.tar.gz
 1c7e9db7dead2d6fb4ced20918b34115b1f61ea6 4223840 virtualbox-qt_4.1.18-dfsg-2+deb7u2_amd64.deb
 fdab67775965bb779ef6e9318f882550fc7b9e6e 12746984 virtualbox_4.1.18-dfsg-2+deb7u2_amd64.deb
 5c40ceba42137c3455114ca765e903e3d5e962f0 51533900 virtualbox-dbg_4.1.18-dfsg-2+deb7u2_amd64.deb
 dae0f3df278c4ab3380c44e263e03e98bbfa673f 497172 virtualbox-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 b56cf90cb8ec6f7b6884d2a9678726c399270dcf 597366 virtualbox-source_4.1.18-dfsg-2+deb7u2_all.deb
 b725f40af248c9727cd27f563b5fe84c7e98f3a7 435318 virtualbox-guest-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 fd3536f2b5ecf0c9607790b87ac14e41b4f7891c 538820 virtualbox-guest-source_4.1.18-dfsg-2+deb7u2_all.deb
 8a79ab9b3a6d10365e9a81ce70255174ae5563df 855614 virtualbox-guest-x11_4.1.18-dfsg-2+deb7u2_amd64.deb
 81ae70f6160593236a39913050ca4cfe035c0190 307424 virtualbox-guest-utils_4.1.18-dfsg-2+deb7u2_amd64.deb
 9d401b72ea0fcf82c3ded067d17880fb8d761c52 43668 virtualbox-fuse_4.1.18-dfsg-2+deb7u2_amd64.deb
 c09462f4803c0e338900a8ec68c55d331c3ca64b 40836 virtualbox-ose-qt_4.1.18-dfsg-2+deb7u2_all.deb
 209ae875a886d2bf2e3c94f64d64efc729cb18df 40826 virtualbox-ose_4.1.18-dfsg-2+deb7u2_all.deb
 9158d592349925c17d311fa855933d35d20b3aff 40834 virtualbox-ose-dbg_4.1.18-dfsg-2+deb7u2_all.deb
 c15ff8c86d53fdb599afda49300c1e4a0fa59292 40838 virtualbox-ose-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 720ac3880e3bd3d7cfbef4203365346842262828 40844 virtualbox-ose-source_4.1.18-dfsg-2+deb7u2_all.deb
 f867b8b8e400fab9724520a8040b1475aa58a755 40852 virtualbox-ose-guest-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 b4105ef7d30c0d959f0991606b7dc089eb36c057 40846 virtualbox-ose-guest-source_4.1.18-dfsg-2+deb7u2_all.deb
 d1f4d27336c32cd15df9acc0c283069a411ef899 40846 virtualbox-ose-guest-x11_4.1.18-dfsg-2+deb7u2_all.deb
 e42ff4da603f9c2604f453c3db4fad26ec623610 40850 virtualbox-ose-guest-utils_4.1.18-dfsg-2+deb7u2_all.deb
 315ab9113fc21047f93121b7387afa124e8804b4 40838 virtualbox-ose-fuse_4.1.18-dfsg-2+deb7u2_all.deb
Checksums-Sha256: 
 3e88c2ce03f041e840bc3c2408f77f3006a1d8260750cf98dbcdfe20e5b5e050 4113 virtualbox_4.1.18-dfsg-2+deb7u2.dsc
 b21f4f2839e73ed5652c66d9012c2ab119e3a336483689afb5eb4f97c21db1f6 33362880 virtualbox_4.1.18-dfsg.orig.tar.xz
 9024612f514cccf30709e370b9076a2c2b7b3fbb19d0674171582ba23bbd0fd1 100430 virtualbox_4.1.18-dfsg-2+deb7u2.debian.tar.gz
 9652385022861530edad4c8158ba681d519e8881a4384d6cfd626b172152bd63 4223840 virtualbox-qt_4.1.18-dfsg-2+deb7u2_amd64.deb
 e97bef55e369da510342c92e28e56061ef4983e3a049267d04e3f5b2e9b5f9d4 12746984 virtualbox_4.1.18-dfsg-2+deb7u2_amd64.deb
 5bb18806b1a56ec7cb2b099a3825b02043914cf6eff0f342c9c77c915ad34086 51533900 virtualbox-dbg_4.1.18-dfsg-2+deb7u2_amd64.deb
 7a85495d6d62f3c9814a5cdc8078f3ee49bb8796b71066e2673155dbb7d2a72e 497172 virtualbox-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 0b76563a44aabbacb4b6933d22f0101a576bd26b0e53fba2e693f198b84085f1 597366 virtualbox-source_4.1.18-dfsg-2+deb7u2_all.deb
 2d95059166bd4ea4021cc43f05d4a9162fcfb148cc9148688fa2eb80bb4a9acd 435318 virtualbox-guest-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 f872b1335ac08785356e51a83049565608ea850b4b45d50decbf39ee5d0e50e8 538820 virtualbox-guest-source_4.1.18-dfsg-2+deb7u2_all.deb
 c34b5ac7ab21788c350aa643e8c814730139ddb2bbab2dca71b2b470f64d8ebe 855614 virtualbox-guest-x11_4.1.18-dfsg-2+deb7u2_amd64.deb
 116d8644f83684a6bf0fdff650b65f797b700b3008cd9d497dd530be172662dc 307424 virtualbox-guest-utils_4.1.18-dfsg-2+deb7u2_amd64.deb
 1972e0076eff27ca92e179d1b6b1c9fd7fc6875195a3c26f8fc9b28d73c5c1c9 43668 virtualbox-fuse_4.1.18-dfsg-2+deb7u2_amd64.deb
 4cc15fe835a979cae9337d3b5822b09e5bc9ebb7fab5d6d19e0f1cc2058e1bd4 40836 virtualbox-ose-qt_4.1.18-dfsg-2+deb7u2_all.deb
 eeb5a2538f67615a8a9f93bc23cee9b53e7543e6c622933291601d8477bad3f6 40826 virtualbox-ose_4.1.18-dfsg-2+deb7u2_all.deb
 f52171bcf27593e8033150c7ce28918644f34f2dcd28fbe24cdaccc23f3af071 40834 virtualbox-ose-dbg_4.1.18-dfsg-2+deb7u2_all.deb
 68abc4429664570243be14a89ca9fb0a88fab530c99a3ab6eb42c50d02660fac 40838 virtualbox-ose-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 0a1cb975f2cb8fad7a4e2b7764c1f022753a08c3c65000a2ebd1c0733d1314fb 40844 virtualbox-ose-source_4.1.18-dfsg-2+deb7u2_all.deb
 39319c3fbabf24bf4880fd4ad8863f95d1ffebf6053da3ce6c2cee5dac9d3b14 40852 virtualbox-ose-guest-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 b86683aee9272086d60664c706e79b8f4afda9c42b96e6641bc7c46cee80aba8 40846 virtualbox-ose-guest-source_4.1.18-dfsg-2+deb7u2_all.deb
 60a8f0ee6e766990669868faf9322a77edf24218cecc69b360c4e85d6b4a654b 40846 virtualbox-ose-guest-x11_4.1.18-dfsg-2+deb7u2_all.deb
 509dba3cbbb4e617c04db3c1a4ac0ef4235a1e54823fe4aa9bf3b1a5ea19b578 40850 virtualbox-ose-guest-utils_4.1.18-dfsg-2+deb7u2_all.deb
 d6c038fa4060e5ade9dbdb46f0aedb6b0a6ae76c2f0bf33af30ea4606f13972e 40838 virtualbox-ose-fuse_4.1.18-dfsg-2+deb7u2_all.deb
Files: 
 d808272b801076cb599b2a8605c4fbda 4113 misc optional virtualbox_4.1.18-dfsg-2+deb7u2.dsc
 6b5b4496b2ebca1ad412c2f35b9dfb1c 33362880 misc optional virtualbox_4.1.18-dfsg.orig.tar.xz
 9a5a9413714257153b4deca372923929 100430 misc optional virtualbox_4.1.18-dfsg-2+deb7u2.debian.tar.gz
 693a2d5cf8293b7505ae5dd9bbf02210 4223840 misc optional virtualbox-qt_4.1.18-dfsg-2+deb7u2_amd64.deb
 eff175fec5d4677fb2c520e42f4548fb 12746984 misc optional virtualbox_4.1.18-dfsg-2+deb7u2_amd64.deb
 e3ef37a4f2035f7b1ef36ad19a57a1ed 51533900 debug extra virtualbox-dbg_4.1.18-dfsg-2+deb7u2_amd64.deb
 875eb9c6c6da0b75ff4b70d9174ec5d4 497172 kernel optional virtualbox-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 dfe122cdca0e82a450860461bc00fe53 597366 kernel optional virtualbox-source_4.1.18-dfsg-2+deb7u2_all.deb
 c647eb79d6a7059c36dc4ddcd486946a 435318 kernel optional virtualbox-guest-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 d4cc7875426cd39c8506786868dee783 538820 kernel optional virtualbox-guest-source_4.1.18-dfsg-2+deb7u2_all.deb
 7928f686fed6cc03ebd38bfd221a46a5 855614 x11 optional virtualbox-guest-x11_4.1.18-dfsg-2+deb7u2_amd64.deb
 fdd0884030138bf1f91b6111b1d481d0 307424 misc optional virtualbox-guest-utils_4.1.18-dfsg-2+deb7u2_amd64.deb
 ad26758f93b786fffe779077898baef8 43668 misc optional virtualbox-fuse_4.1.18-dfsg-2+deb7u2_amd64.deb
 ca7a0d3a7299cf65c4880e256df43c5c 40836 oldlibs extra virtualbox-ose-qt_4.1.18-dfsg-2+deb7u2_all.deb
 78af5cf2e891eba2572ec9c610c05c9e 40826 oldlibs extra virtualbox-ose_4.1.18-dfsg-2+deb7u2_all.deb
 bd716e58be10f647f9ae17bbe4f61112 40834 oldlibs extra virtualbox-ose-dbg_4.1.18-dfsg-2+deb7u2_all.deb
 2b187ee21660009ba2912990600d4d36 40838 oldlibs extra virtualbox-ose-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 5fd086f031d75f9367ddff9e246ed217 40844 oldlibs extra virtualbox-ose-source_4.1.18-dfsg-2+deb7u2_all.deb
 92b9e69624170b5bde91bfba733d114f 40852 oldlibs extra virtualbox-ose-guest-dkms_4.1.18-dfsg-2+deb7u2_all.deb
 eebabbd214cc89e83a3fab7fec54277a 40846 oldlibs extra virtualbox-ose-guest-source_4.1.18-dfsg-2+deb7u2_all.deb
 0eaeced97801e13be1fa7e4db2d0a603 40846 oldlibs extra virtualbox-ose-guest-x11_4.1.18-dfsg-2+deb7u2_all.deb
 7cd29f3136075608a06d9526b5d909ae 40850 oldlibs extra virtualbox-ose-guest-utils_4.1.18-dfsg-2+deb7u2_all.deb
 8a9066895cf15b0fe6ecea56d9fd73f1 40838 oldlibs extra virtualbox-ose-fuse_4.1.18-dfsg-2+deb7u2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTHM1WAAoJEP4ixv2DE11F3p4QAKFbFxCQKfqMBJf50fJu+miZ
kpIfKIxkf1A54WRZDfweCFJnlgxL1vnOtKRCE5+YLoCdSQvmYCOAEG6mCmm3g0b7
ur9wZD5FJF0ULaSEnucwC0xFR+9jXJ3I6L+Y+FPEvLxMwo+YdvaR9R3P/eTUIa+D
3DwxDu3C4g7incdRgCjKUk+tL3JWTjsVlQCU8dMpalazzUzZLRUL7qg+c/VSkOID
8r2teuRu7I8waK+H2o+rJJthv2Ro9OGAyroU0GSZVq16oHLDaTpL6lDutEgBqdnB
WBcJi8Rxwnv1ncyUTbwZYaKbkSD7p4XFxGAO0qz7d3WmCzqNVLN/RhtBWijYh/M2
xm0rxZMp0OMSUHmgL7Ti25OGHFDDmxjNt51gn6WqVSidJqK/aMqzHrIQFpPCm4H8
gCk1xn8+kw99TvP/Bovqmtp72iejXe2UNjHDVL4AW7wOxKs3JTyeIFKjXs4yRCqU
BFuiwtM1PkR+689JcgaWMIprimAT4WJ1ioqRFKjnm61z1VKlt5uQvFUxbsnOpb4p
CXu83XaW1M3FJ8wheSzNopALEUPOYwJ07ZouOKcSatSJnzHbZEXqpGzvo7iiqEch
zkgiK0tEy/trdHRG5moUME86iS4jnyGX0Q8AnHBUiXcptqrMsbP+nuuLUtmVOOuA
/disu8LXNFvVv0zNCK/Z
=4ys3
-----END PGP SIGNATURE-----

Message #50 received at 735410-close@bugs.debian.org (full text, mbox, reply):

From: Felix Geyer <fgeyer@debian.org>

To: 735410-close@bugs.debian.org

Subject: Bug#735410: fixed in virtualbox-ose 3.2.10-dfsg-1+squeeze2

Date: Sun, 16 Mar 2014 21:17:36 +0000

Source: virtualbox-ose
Source-Version: 3.2.10-dfsg-1+squeeze2

We believe that the bug you reported is fixed in the latest version of
virtualbox-ose, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 735410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fgeyer@debian.org> (supplier of updated virtualbox-ose package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 09 Mar 2014 20:23:51 +0100
Source: virtualbox-ose
Binary: virtualbox-ose-qt virtualbox-ose virtualbox-ose-dbg virtualbox-ose-dkms virtualbox-ose-source virtualbox-ose-guest-dkms virtualbox-ose-guest-source virtualbox-ose-guest-x11 virtualbox-ose-guest-utils virtualbox-ose-fuse
Architecture: source amd64 all
Version: 3.2.10-dfsg-1+squeeze2
Distribution: squeeze-security
Urgency: high
Maintainer: Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
Changed-By: Felix Geyer <fgeyer@debian.org>
Description: 
 virtualbox-ose - x86 virtualization solution - base binaries
 virtualbox-ose-dbg - x86 virtualization solution - debugging symbols
 virtualbox-ose-dkms - x86 virtualization solution - kernel module sources for dkms
 virtualbox-ose-fuse - x86 virtualization solution - virtual filesystem
 virtualbox-ose-guest-dkms - x86 virtualization solution - guest addition module source for dk
 virtualbox-ose-guest-source - x86 virtualization solution - guest addition module source
 virtualbox-ose-guest-utils - x86 virtualization solution - non-X11 guest utilities
 virtualbox-ose-guest-x11 - x86 virtualization solution - X11 guest utilities
 virtualbox-ose-qt - x86 virtualization solution - Qt based user interface
 virtualbox-ose-source - x86 virtualization solution - kernel module source
Closes: 735410
Changes: 
 virtualbox-ose (3.2.10-dfsg-1+squeeze2) squeeze-security; urgency=high
 .
   * Apply fixes from the January 2014 security advisory. (Closes: #735410)
     - Add debian/patches/28-security-fixes-2014-01.patch
     - CVE-2013-5892, CVE-2014-0407, CVE-2014-0406, CVE-2014-0404
Checksums-Sha1: 
 136e470c81c22519d4e43bb6c6f385e96918daee 3044 virtualbox-ose_3.2.10-dfsg-1+squeeze2.dsc
 f36d5b464ddf4fe11e5066276d4b960e8569bc02 28641481 virtualbox-ose_3.2.10-dfsg.orig.tar.gz
 795c871ddf878c1bf7961d71e242c0d990d55766 93737 virtualbox-ose_3.2.10-dfsg-1+squeeze2.diff.gz
 9fab8e0bf87788307a2a124f74a0b4171742b938 5000106 virtualbox-ose-qt_3.2.10-dfsg-1+squeeze2_amd64.deb
 71f47b3ca8946f090aceeeced7475376c93d8fb6 9054028 virtualbox-ose_3.2.10-dfsg-1+squeeze2_amd64.deb
 b3f1858141c5bacbf828eeb4347b19d79912342b 52107448 virtualbox-ose-dbg_3.2.10-dfsg-1+squeeze2_amd64.deb
 dff8296d7840f52c8bac679a81a600a9b2ac66c2 549048 virtualbox-ose-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 e6e767e4c3bccd029d2bd4220ca0f21991a2ac2a 470604 virtualbox-ose-source_3.2.10-dfsg-1+squeeze2_all.deb
 a928c5962d3b9c55f47f57eb09f6456cc460e7cc 477676 virtualbox-ose-guest-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 05299a0e93dc7c72b6ec8f348d4ebe87d37b4528 415736 virtualbox-ose-guest-source_3.2.10-dfsg-1+squeeze2_all.deb
 9c54d9ba0c13e52490fb68a6ae72469059158c91 1407730 virtualbox-ose-guest-x11_3.2.10-dfsg-1+squeeze2_amd64.deb
 84946509c9f0f25726b5fd40eb1feb9a57b6c0c8 513840 virtualbox-ose-guest-utils_3.2.10-dfsg-1+squeeze2_amd64.deb
 8e4377c909904db1f2870602f06e86528429d274 39746 virtualbox-ose-fuse_3.2.10-dfsg-1+squeeze2_amd64.deb
Checksums-Sha256: 
 95c6961e5f74c0980da4dc176bbf27b0b6821b808ad0b66e7e0a61e8b37ca07b 3044 virtualbox-ose_3.2.10-dfsg-1+squeeze2.dsc
 28fe56081d726712338acd16f43d0e4a7324695229ab900bca02185ac2a97678 28641481 virtualbox-ose_3.2.10-dfsg.orig.tar.gz
 a0f4b9d7428e7dad8cf23774a178f324b7f127146653c88b605e469f0bd5fe79 93737 virtualbox-ose_3.2.10-dfsg-1+squeeze2.diff.gz
 dd53f04e0fdfd9f05e65bab7ab59d17c4d4c951a0904b250c9838b2134d8daa3 5000106 virtualbox-ose-qt_3.2.10-dfsg-1+squeeze2_amd64.deb
 97b94660b06c137a2aed05700200e3076a26f80aa2abf18de80ba7c5e57afd80 9054028 virtualbox-ose_3.2.10-dfsg-1+squeeze2_amd64.deb
 40e8df066a42c82dbcd6e6f7829aa51c9f6628cd1660cdda346cc6ec7e41cd09 52107448 virtualbox-ose-dbg_3.2.10-dfsg-1+squeeze2_amd64.deb
 b8213857e36292acd2b509bed5728f55eec564e7476182a0dbe05b366a48809f 549048 virtualbox-ose-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 0dd644d49e6f52c4cb1abcfff24c500fcb1a74d940c34f7fe32e69fffebbc65b 470604 virtualbox-ose-source_3.2.10-dfsg-1+squeeze2_all.deb
 ecdf2cc934bfdaaa99d0e08b6d6dcb1fe01cd72ae00008362a822ad34d84d121 477676 virtualbox-ose-guest-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 942fd3a9b533615d356d58a86f0d25848683e518c2bbbadc3dc8be6e2d585d49 415736 virtualbox-ose-guest-source_3.2.10-dfsg-1+squeeze2_all.deb
 ae426f530281619dd26b7b4c7c86ab68fd2461053d3f270b8d4b7e39ec7aa517 1407730 virtualbox-ose-guest-x11_3.2.10-dfsg-1+squeeze2_amd64.deb
 8b8755bbdd24b4c56f45daa47694839c2ca96af039f5cede17258feb89fa0a7c 513840 virtualbox-ose-guest-utils_3.2.10-dfsg-1+squeeze2_amd64.deb
 dca9e0e0acac57f3191b93359aa9fe912a51a3efeb5d8c5fb7d736b168877bad 39746 virtualbox-ose-fuse_3.2.10-dfsg-1+squeeze2_amd64.deb
Files: 
 22137e89b69a32c1bc51962dc9231566 3044 misc optional virtualbox-ose_3.2.10-dfsg-1+squeeze2.dsc
 ae6a33c6f2a2281e01458f8860892124 28641481 misc optional virtualbox-ose_3.2.10-dfsg.orig.tar.gz
 3a1b6cbccc970690ca7b344bcd326528 93737 misc optional virtualbox-ose_3.2.10-dfsg-1+squeeze2.diff.gz
 d06ac4475f2808a4f3579d080da1d793 5000106 misc optional virtualbox-ose-qt_3.2.10-dfsg-1+squeeze2_amd64.deb
 bf8cd4e55000cc99247e0091af754dc1 9054028 misc optional virtualbox-ose_3.2.10-dfsg-1+squeeze2_amd64.deb
 aebe62a4adc4f268612ac792331f8def 52107448 debug extra virtualbox-ose-dbg_3.2.10-dfsg-1+squeeze2_amd64.deb
 9ce2b998433e3e2202d39acd5b08aab6 549048 kernel optional virtualbox-ose-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 343c6e77f28ceeea4b2d4c6c9b2438a7 470604 kernel optional virtualbox-ose-source_3.2.10-dfsg-1+squeeze2_all.deb
 ed1fac8811e8ec73a570e92c1cdfbb8f 477676 kernel optional virtualbox-ose-guest-dkms_3.2.10-dfsg-1+squeeze2_all.deb
 bd46c3c2bf012d425928c79282706715 415736 kernel optional virtualbox-ose-guest-source_3.2.10-dfsg-1+squeeze2_all.deb
 fe98f743521819504613928d5c7e2600 1407730 x11 optional virtualbox-ose-guest-x11_3.2.10-dfsg-1+squeeze2_amd64.deb
 fc34253c93823441e088ff41a2f913e6 513840 misc optional virtualbox-ose-guest-utils_3.2.10-dfsg-1+squeeze2_amd64.deb
 7ffbcc2193ceab5c2587b810c94f99b5 39746 misc optional virtualbox-ose-fuse_3.2.10-dfsg-1+squeeze2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTHMcdAAoJEP4ixv2DE11FM6gP/jNclBy/PFI42FfZVoTGryi4
oHjkaqufhn/sDTheleLf7E4K6QxyOTZLnMIx9hWAjhIxPy6edLsae5XPE2LsYdYP
/8xN+g2qVjdDcAIl3NRtMQyMP27FohagJP2jVdkpbfoMxvn7TRy8jeoiWjGcJhRI
uD2uzAVUYT9FVAMVE2ayFvpVR5F9Conxd5M7hIGX9fXIR0zfT60ZgLqK4VXIUg9g
HtCFon8uPwsmHyBqmNhu0TypAySxLSPQ17l4cGCVIDKFCEr21sRLBSrC3+epg21t
genVFGlraq07Lo7LlUGlp84775p09PllQKiXIERevqhOZzvE9z1P2V8ryzS0ukY9
6gi0MPb0qoJpAPsw2w9W8p0mKHXXQ1jB9NYJ/5zDGtNPB1PxLsQAHey2NM+/9kNJ
toZaUcPhkCoxeXApgHYpvWn5XEve5NaE24xWklCCDWCl/xwd7ktvTVqS5WvLWlnl
CpH9h/w5aUsITdEWakt3Rs5Zs+F6wNr7Q8XRUkrrzv09TNEymkamCOUN4al7RlGP
4zpB2tsA24r9Qne2hZAGQS4ib5qx1k5iMBWSywH9U+saNuIHeGdDAnCJU02a6RUh
/zwOvu/TxbE34wRK+ooBgS4oivUWl6MFGAaGrNalwZaiKfajQbWInpYqbd7JZwez
6Yrzwqdh+dUXPdsC5MvY
=nF8X
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.