virtualbox: CVE-2015-3456: floppy driver host code execution

Related Vulnerabilities: CVE-2015-3456

Debian Bug report logs - #785424
virtualbox: CVE-2015-3456: floppy driver host code execution


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 16 May 2015 03:57:02 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version virtualbox/4.1.18-dfsg-1

Fixed in versions virtualbox/4.3.28-dfsg-1, virtualbox/4.3.18-dfsg-3+deb8u2, virtualbox/4.1.18-dfsg-2+deb7u5

Done: Ritesh Raj Sarraf <rrs@debian.org>

Bug is archived. No further changes may be made.
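
The "Found in" and "Fixed in" versions above can be turned into a host check. The Python below is an added example, not part of this bug log or of Debian's tooling: it reimplements Debian's version ordering and assumes that a package whose upstream part is not one of the two stable branches must reach the unstable fix; the hostnames and the deb8u1 and 4.3.26 versions in the sample inventory are constructed.

```python
"""Check virtualbox package versions against the CVE-2015-3456 fixes recorded
in Debian bug #785424. Added example; not Debian or VirtualBox code."""

# Fixed versions as listed in the bug log, keyed by the upstream part of the
# version string used on each stable branch.
FIXED_BY_UPSTREAM = {
    "4.1.18-dfsg": "4.1.18-dfsg-2+deb7u5",  # wheezy
    "4.3.18-dfsg": "4.3.18-dfsg-3+deb8u2",  # jessie
}
FIXED_UNSTABLE = "4.3.28-dfsg-1"  # sid/testing; fallback threshold (assumption)


def _is_digit(ch):
    return "0" <= ch <= "9"


def _order(ch):
    """Sort weight of one non-digit character in Debian version ordering:
    '~' sorts before everything (even end of string), letters before symbols."""
    if ch == "~":
        return -1
    if ch == "":
        return 0
    if ch.isascii() and ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _compare_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Compare the non-digit prefixes character by character.
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            ca = a[i] if i < len(a) and not _is_digit(a[i]) else ""
            cb = b[j] if j < len(b) and not _is_digit(b[j]) else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i += 1
            j += 1
        # Compare the digit runs numerically (an empty run counts as 0).
        si, sj = i, j
        while i < len(a) and _is_digit(a[i]):
            i += 1
        while j < len(b) and _is_digit(b[j]):
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _compare_part(ua, ub) or _compare_part(ra, rb)


def is_fixed(installed):
    """True if `installed` is at or above the fixed version for its branch."""
    _, upstream, _ = split_version(installed)
    threshold = FIXED_BY_UPSTREAM.get(upstream, FIXED_UNSTABLE)
    return compare_versions(installed, threshold) >= 0


def hosts_needing_update(inventory):
    """Return the sorted host names whose virtualbox version is not fixed."""
    return sorted(host for host, ver in inventory.items() if not is_fixed(ver))


# Constructed inventory: host name -> installed virtualbox package version.
SAMPLE_INVENTORY = {
    "build-01": "4.1.18-dfsg-1",         # the "Found in" version
    "build-02": "4.1.18-dfsg-2+deb7u5",  # wheezy fix
    "lab-01": "4.3.18-dfsg-3+deb8u1",    # constructed pre-fix jessie version
    "lab-02": "4.3.18-dfsg-3+deb8u2",    # jessie fix
    "dev-01": "4.3.28-dfsg-1",           # unstable fix
    "dev-02": "4.3.26-dfsg-2",           # constructed version below the fix
}

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host], "needs the CVE-2015-3456 update")
```
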



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>:
Bug#785424; Package src:virtualbox. (Sat, 16 May 2015 03:57:07 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>. (Sat, 16 May 2015 03:57:07 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: virtualbox: CVE-2015-3456: floppy driver host code execution
Date: Sat, 16 May 2015 05:54:13 +0200
Source: virtualbox
Version: 4.1.18-dfsg-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole

Hi,

the following vulnerability was published for virtualbox.

CVE-2015-3456[0]:
| The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and
| earlier and KVM, allows local guest users to cause a denial of service
| (out-of-bounds write and guest crash) or possibly execute arbitrary
| code via the (1) FD_CMD_READ_ID, (2)
| FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka
| VENOM.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3456
[1] http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>:
Bug#785424; Package src:virtualbox. (Mon, 18 May 2015 16:51:05 GMT).


Acknowledgement sent to Gianfranco Costamagna <costamagnagianfranco@yahoo.it>:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>. (Mon, 18 May 2015 16:51:05 GMT).


Message #10 received at 785424@bugs.debian.org:

From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
To: "785424@bugs.debian.org" <785424@bugs.debian.org>
Subject: Re: Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution
Date: Mon, 18 May 2015 16:48:13 +0000 (UTC)
Hi

sid/testing:

- 4.3.28 is not affected (upload pending)

-jessie:
4.3.18-dfsg-3+deb8u2 is fixed in git branch jessie, with the upstream patch

http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=jessie&id=990f846aec31871952b839ed93f7963f16bceb0c

-wheezy:
4.1.18-dfsg-2+deb7u5 should be fixed in git branch wheezy with the (little changed to remove fuzz and to find the file in the right location) upstream patch

http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=wheezy&id=3426d960fc44c86b31d8755717499c83fc127194

I'm rebuilding them right now, sorry for the looooooong delay in fixing them, upstream only ack'd the patch today, and I was also on VAC for two days.


cheers,

Gianfranco



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>:
Bug#785424; Package src:virtualbox. (Mon, 18 May 2015 18:36:21 GMT).


Acknowledgement sent to Frank Mehnert <frank.mehnert@oracle.com>:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>. (Mon, 18 May 2015 18:36:21 GMT).


Message #15 received at 785424@bugs.debian.org:

From: Frank Mehnert <frank.mehnert@oracle.com>
To: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Cc: pkg-virtualbox-devel@lists.alioth.debian.org, 785424@bugs.debian.org
Subject: Re: [Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution
Date: Mon, 18 May 2015 19:50:18 +0200
Hi Gianfranco,

could you also have a look here?

  https://www.virtualbox.org/ticket/14128#comment:1

This is regarding the 4.3.18 Jessie package.

Thanks,

Frank

On Monday 18 May 2015 16:48:13 Gianfranco Costamagna wrote:
> Hi
> 
> sid/testing:
> 
> - 4.3.28 is not affected (upload pending)
> 
> -jessie:
> 4.3.18-dfsg-3+deb8u2 is fixed in git branch jessie, with the upstream patch
> 
> http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=jessie&id=990f846aec31871952b839ed93f7963f16bceb0c
> 
> -wheezy:
> 4.1.18-dfsg-2+deb7u5 should be fixed in git branch wheezy with the (little
> changed to remove fuzz and to find the file in the right location) upstream
> patch
> 
> http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=wheezy&id=3426d960fc44c86b31d8755717499c83fc127194
> 
> I'm rebuilding them right now, sorry for the looooooong delay in fixing
> them, upstream only ack'd the patch today, and I was also on VAC for two
> days.
> 
> 
> cheers,
> 
> Gianfranco
> 
> _______________________________________________
> Pkg-virtualbox-devel mailing list
> Pkg-virtualbox-devel@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-virtualbox-devel

-- 
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany

ORACLE Deutschland B.V. & Co. KG
Headquarters: Riesstraße 25, D-80992 München
Registration court: Amtsgericht München, HRA 95603

General partner: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Netherlands
Commercial register of the Chamber of Commerce Midden-Nederland, No. 30143697
Managing directors: Alexander van der Ven, Astrid Kepper, Val Maher



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>:
Bug#785424; Package src:virtualbox. (Tue, 19 May 2015 08:24:05 GMT).


Acknowledgement sent to Gianfranco Costamagna <costamagnagianfranco@yahoo.it>:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>. (Tue, 19 May 2015 08:24:05 GMT).


Message #20 received at 785424@bugs.debian.org:

From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
To: Frank Mehnert <frank.mehnert@oracle.com>, "785424@bugs.debian.org" <785424@bugs.debian.org>
Subject: Re: Bug#785424: [Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution
Date: Tue, 19 May 2015 08:20:07 +0000 (UTC)
Hi Frank, is 4.1.18 affected?


cheers,

Gianfranco




On Monday 18 May 2015 20:36, Frank Mehnert <frank.mehnert@oracle.com> wrote:
Hi Gianfranco,

could you also have a look here?

  https://www.virtualbox.org/ticket/14128#comment:1

This is regarding the 4.3.18 Jessie package.

Thanks,

Frank


On Monday 18 May 2015 16:48:13 Gianfranco Costamagna wrote:
> Hi
> 
> sid/testing:
> 
> - 4.3.28 is not affected (upload pending)
> 
> -jessie:
> 4.3.18-dfsg-3+deb8u2 is fixed in git branch jessie, with the upstream patch
> 
> http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=jessie&id=990f846aec31871952b839ed93f7963f16bceb0c
> 
> -wheezy:
> 4.1.18-dfsg-2+deb7u5 should be fixed in git branch wheezy with the (little
> changed to remove fuzz and to find the file in the right location) upstream
> patch
> 
> http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=wheezy&id=3426d960fc44c86b31d8755717499c83fc127194
> 
> I'm rebuilding them right now, sorry for the looooooong delay in fixing
> them, upstream only ack'd the patch today, and I was also on VAC for two
> days.
> 
> 
> cheers,
> 
> Gianfranco
> 

-- 
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>:
Bug#785424; Package src:virtualbox. (Tue, 19 May 2015 08:39:05 GMT).


Acknowledgement sent to Gianfranco Costamagna <costamagnagianfranco@yahoo.it>:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>. (Tue, 19 May 2015 08:39:05 GMT).


Message #25 received at 785424@bugs.debian.org:

From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
To: Frank Mehnert <frank.mehnert@oracle.com>
Cc: "785424@bugs.debian.org" <785424@bugs.debian.org>
Subject: Re: Re: Bug#785424: [Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution
Date: Tue, 19 May 2015 08:35:10 +0000 (UTC)
Hi Frank, yes I know, I wasn't sure if an update was needed for wheezy too.

I know the bug isn't related to the CVE, in fact I opened 785689 to track it down :)


Unfortunately we will need to make another upload for it.
cheers,

Gianfranco


On Tuesday 19 May 2015 10:27, Frank Mehnert <frank.mehnert@oracle.com> wrote:
Hi Gianfranco,

ticket https://www.virtualbox.org/ticket/14128 is only about VBox version
4.3.18. No other version is affected by this bug. Note that this has nothing
to do with CVE-2015-3456.

Kind regards,

Frank


On Tuesday 19 May 2015 08:20:07 Gianfranco Costamagna wrote:
> Hi Frank, is 4.1.18 affected?
> 
> 
> cheers,
> 
> Gianfranco
> 
> 
> 
> 
> On Monday 18 May 2015 20:36, Frank Mehnert <frank.mehnert@oracle.com>
> wrote: Hi Gianfranco,
> 
> could you also have a look here?
> 
>  https://www.virtualbox.org/ticket/14128#comment:1
> 
> This is regarding the 4.3.18 Jessie package.
> 
> Thanks,
> 
> Frank
> 
> On Monday 18 May 2015 16:48:13 Gianfranco Costamagna wrote:
> > Hi
> > 
> > sid/testing:
> > 
> > - 4.3.28 is not affected (upload pending)
> > 
> > -jessie:
> > 4.3.18-dfsg-3+deb8u2 is fixed in git branch jessie, with the upstream
> > patch
> > 
> > http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=jessie&id=990f846aec31871952b839ed93f7963f16bceb0c
> > 
> > -wheezy:
> > 4.1.18-dfsg-2+deb7u5 should be fixed in git branch wheezy with the (little
> > changed to remove fuzz and to find the file in the right location)
> > upstream
> > patch
> > 
> > http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=wheezy&id=3426d960fc44c86b31d8755717499c83fc127194
> > 
> > I'm rebuilding them right now, sorry for the looooooong delay in fixing
> > them, upstream only ack'd the patch today, and I was also on VAC for two
> > days.
> > 
> > 
> > cheers,
> > 
> > Gianfranco
> > 

-- 
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>:
Bug#785424; Package src:virtualbox. (Tue, 19 May 2015 09:21:04 GMT).


Acknowledgement sent to Gianfranco Costamagna <costamagnagianfranco@yahoo.it>:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>. (Tue, 19 May 2015 09:21:04 GMT).


Message #30 received at 785424@bugs.debian.org:

From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
To: Frank Mehnert <frank.mehnert@oracle.com>, "vbox-dev@virtualbox.org" <vbox-dev@virtualbox.org>, "785424@bugs.debian.org" <785424@bugs.debian.org>
Subject: Re: [vbox-dev] CVE-2015-3456 aka VENOM
Date: Tue, 19 May 2015 09:17:13 +0000 (UTC)
Hi Frank, are you sure the bug is really fixed?

the qemu patch seems to be different from the virtualbox one, and seems that the affected code is not fixed
http://git.qemu.org/?p=qemu.git;a=blobdiff;f=hw/block/fdc.c;h=d8a8edd936f42d4b1d801c996932668e456b5896;hp=f72a39216347e722496797555db9f208b0c5b4b2;hb=e907746266721f305d67bc0718795fedee2e824c;hpb=968bb75c348a401b85e08d5eb1887a3e6c3185f5


e.g.
https://security-tracker.debian.org/tracker/CVE-2015-3456
http://xenbits.xen.org/xsa/advisory-133.html



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>:
Bug#785424; Package src:virtualbox. (Tue, 19 May 2015 09:27:07 GMT).


Acknowledgement sent to Frank Mehnert <frank.mehnert@oracle.com>:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>. (Tue, 19 May 2015 09:27:08 GMT).


Message #35 received at 785424@bugs.debian.org:

From: Frank Mehnert <frank.mehnert@oracle.com>
To: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Cc: "vbox-dev@virtualbox.org" <vbox-dev@virtualbox.org>, "785424@bugs.debian.org" <785424@bugs.debian.org>, Michal Necasek <michal.necasek@oracle.com>
Subject: Re: Re: [vbox-dev] CVE-2015-3456 aka VENOM
Date: Tue, 19 May 2015 11:24:15 +0200
Hi Gianfranco,

On Tuesday 19 May 2015 09:17:13 Gianfranco Costamagna wrote:
> Hi Frank, are you sure the bug is really fixed?
> 
> the qemu patch seems to be different from the virtualbox one, and seems that
> the affected code is not fixed
> http://git.qemu.org/?p=qemu.git;a=blobdiff;f=hw/block/fdc.c;h=d8a8edd936f42d4b1d801c996932668e456b5896;hp=f72a39216347e722496797555db9f208b0c5b4b2;hb=e907746266721f305d67bc0718795fedee2e824c;hpb=968bb75c348a401b85e08d5eb1887a3e6c3185f5
> 
> 
> e.g.
> https://security-tracker.debian.org/tracker/CVE-2015-3456
> http://xenbits.xen.org/xsa/advisory-133.html

the VirtualBox code is inherited from Qemu but the code is not the same.
Yes, we are sure the bug is fixed in VBox 4.3.28.

Kind regards,

Frank
-- 
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>:
Bug#785424; Package src:virtualbox. (Tue, 19 May 2015 09:42:04 GMT).


Acknowledgement sent to Gianfranco Costamagna <costamagnagianfranco@yahoo.it>:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>. (Tue, 19 May 2015 09:42:05 GMT).


Message #40 received at 785424@bugs.debian.org:

From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
To: Frank Mehnert <frank.mehnert@oracle.com>, "785424@bugs.debian.org" <785424@bugs.debian.org>
Cc: "vbox-dev@virtualbox.org" <vbox-dev@virtualbox.org>, "team@security.debian.org" <team@security.debian.org>
Subject: Re: Bug#785424: Re: [vbox-dev] CVE-2015-3456 aka VENOM
Date: Tue, 19 May 2015 09:36:45 +0000 (UTC)
Hi Debian security team, can we please followup with the two uploads then?

I'm attaching the two debdiffs,

cheers,

Gianfranco




On Tuesday 19 May 2015 11:27, Frank Mehnert <frank.mehnert@oracle.com> wrote:
Hi Gianfranco,

On Tuesday 19 May 2015 09:17:13 Gianfranco Costamagna wrote:
> Hi Frank, are you sure the bug is really fixed?
> 
> the qemu patch seems to be different from the virtualbox one, and seems that
> the affected code is not fixed
> http://git.qemu.org/?p=qemu.git;a=blobdiff;f=hw/block/fdc.c;h=d8a8edd936f42d4b1d801c996932668e456b5896;hp=f72a39216347e722496797555db9f208b0c5b4b2;hb=e907746266721f305d67bc0718795fedee2e824c;hpb=968bb75c348a401b85e08d5eb1887a3e6c3185f5
> 
> 
> e.g.
> https://security-tracker.debian.org/tracker/CVE-2015-3456
> http://xenbits.xen.org/xsa/advisory-133.html

the VirtualBox code is inherited from Qemu but the code is not the same.
Yes, we are sure the bug is fixed in VBox 4.3.28.

Kind regards,


Frank
-- 
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany

[jessie-debdiff (application/octet-stream, attachment)]
[wheezy-debdiff (application/octet-stream, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>:
Bug#785424; Package src:virtualbox. (Tue, 19 May 2015 11:33:08 GMT).


Acknowledgement sent to Frank Mehnert <frank.mehnert@oracle.com>:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>. (Tue, 19 May 2015 11:33:08 GMT).


Message #45 received at 785424@bugs.debian.org:

From: Frank Mehnert <frank.mehnert@oracle.com>
To: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Cc: "785424@bugs.debian.org" <785424@bugs.debian.org>
Subject: Re: Re: Bug#785424: [Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution
Date: Tue, 19 May 2015 10:27:34 +0200
Hi Gianfranco,

ticket https://www.virtualbox.org/ticket/14128 is only about VBox version
4.3.18. No other version is affected by this bug. Note that this has nothing
to do with CVE-2015-3456.

Kind regards,

Frank

On Tuesday 19 May 2015 08:20:07 Gianfranco Costamagna wrote:
> Hi Frank, is 4.1.18 affected?
> 
> 
> cheers,
> 
> Gianfranco
> 
> 
> 
> 
> On Monday 18 May 2015 20:36, Frank Mehnert <frank.mehnert@oracle.com>
> wrote: Hi Gianfranco,
> 
> could you also have a look here?
> 
>   https://www.virtualbox.org/ticket/14128#comment:1
> 
> This is regarding the 4.3.18 Jessie package.
> 
> Thanks,
> 
> Frank
> 
> On Monday 18 May 2015 16:48:13 Gianfranco Costamagna wrote:
> > Hi
> > 
> > sid/testing:
> > 
> > - 4.3.28 is not affected (upload pending)
> > 
> > -jessie:
> > 4.3.18-dfsg-3+deb8u2 is fixed in git branch jessie, with the upstream
> > patch
> > 
> > http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=jessie&id=990f846aec31871952b839ed93f7963f16bceb0c
> > 
> > -wheezy:
> > 4.1.18-dfsg-2+deb7u5 should be fixed in git branch wheezy with the (little
> > changed to remove fuzz and to find the file in the right location)
> > upstream
> > patch
> > 
> > http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=wheezy&id=3426d960fc44c86b31d8755717499c83fc127194
> > 
> > I'm rebuilding them right now, sorry for the looooooong delay in fixing
> > them, upstream only ack'd the patch today, and I was also on VAC for two
> > days.
> > 
> > 
> > cheers,
> > 
> > Gianfranco
> > 

-- 
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>:
Bug#785424; Package src:virtualbox. (Wed, 20 May 2015 14:39:09 GMT).


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>. (Wed, 20 May 2015 14:39:09 GMT).


Message #50 received at 785424@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Cc: Frank Mehnert <frank.mehnert@oracle.com>, "785424@bugs.debian.org" <785424@bugs.debian.org>, "vbox-dev@virtualbox.org" <vbox-dev@virtualbox.org>, "team@security.debian.org" <team@security.debian.org>
Subject: Re: Bug#785424: Re: [vbox-dev] CVE-2015-3456 aka VENOM
Date: Wed, 20 May 2015 16:34:32 +0200
On Tue, May 19, 2015 at 09:36:45AM +0000, Gianfranco Costamagna wrote:
> Hi Debian security team, can we please followup with the two uploads then?
> 
> I'm attaching the two debdiffs,

Ok, please upload. Jessie needs to be built with "-sa" since virtualbox is
new in jessie-security.

I'll take care of the DSA.

Cheers,
        Moritz



Reply sent to Ritesh Raj Sarraf <rrs@debian.org>:
You have taken responsibility. (Fri, 22 May 2015 10:27:21 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 22 May 2015 10:27:21 GMT).


Message #55 received at 785424-close@bugs.debian.org:

From: Ritesh Raj Sarraf <rrs@debian.org>
To: 785424-close@bugs.debian.org
Subject: Bug#785424: fixed in virtualbox 4.3.28-dfsg-1
Date: Fri, 22 May 2015 10:24:56 +0000
Source: virtualbox
Source-Version: 4.3.28-dfsg-1

We believe that the bug you reported is fixed in the latest version of
virtualbox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 785424@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <rrs@debian.org> (supplier of updated virtualbox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 14 May 2015 09:36:52 +0200
Source: virtualbox
Binary: virtualbox-qt virtualbox virtualbox-dbg virtualbox-dkms virtualbox-source virtualbox-guest-dkms virtualbox-guest-source virtualbox-guest-x11 virtualbox-guest-utils
Architecture: source amd64 all
Version: 4.3.28-dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
Changed-By: Ritesh Raj Sarraf <rrs@debian.org>
Description:
 virtualbox - x86 virtualization solution - base binaries
 virtualbox-dbg - x86 virtualization solution - debugging symbols
 virtualbox-dkms - x86 virtualization solution - kernel module sources for dkms
 virtualbox-guest-dkms - x86 virtualization solution - guest addition module source for dk
 virtualbox-guest-source - x86 virtualization solution - guest addition module source
 virtualbox-guest-utils - x86 virtualization solution - non-X11 guest utilities
 virtualbox-guest-x11 - x86 virtualization solution - X11 guest utilities
 virtualbox-qt - x86 virtualization solution - Qt based user interface
 virtualbox-source - x86 virtualization solution - kernel module source
Closes: 785161 785424 785655
Changes:
 virtualbox (4.3.28-dfsg-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #785655).
     - fix for CVE-2015-3456 a.k.a. VENOM (Closes: #785424)
     - patch refresh.
     - remove d/p/37-diff_smap_4.patch.
   * Remove MAKE=kmk on virtualbox{,-guest}-source.files/rules
     (Closes: #785161).
     Upstream doesn't recommend using kmk to build kernel modules.
     this reverts 63fa6b7b86035b53e8d053b894814eccac9ce595
   * Add gbp.conf file.




Reply sent to Ritesh Raj Sarraf <rrs@debian.org>:
You have taken responsibility. (Fri, 29 May 2015 07:21:21 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 29 May 2015 07:21:21 GMT).


Message #60 received at 785424-close@bugs.debian.org:

From: Ritesh Raj Sarraf <rrs@debian.org>
To: 785424-close@bugs.debian.org
Subject: Bug#785424: fixed in virtualbox 4.3.18-dfsg-3+deb8u2
Date: Fri, 29 May 2015 07:17:07 +0000
Source: virtualbox
Source-Version: 4.3.18-dfsg-3+deb8u2

We believe that the bug you reported is fixed in the latest version of
virtualbox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 785424@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <rrs@debian.org> (supplier of updated virtualbox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 22 May 2015 16:42:03 IST
Source: virtualbox
Binary: virtualbox-qt virtualbox virtualbox-dbg virtualbox-dkms virtualbox-source virtualbox-guest-dkms virtualbox-guest-source virtualbox-guest-x11 virtualbox-guest-utils
Architecture: source all
Version: 4.3.18-dfsg-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
Changed-By: Ritesh Raj Sarraf <rrs@debian.org>
Description:
 virtualbox - x86 virtualization solution - base binaries
 virtualbox-dbg - x86 virtualization solution - debugging symbols
 virtualbox-dkms - x86 virtualization solution - kernel module sources for dkms
 virtualbox-guest-dkms - x86 virtualization solution - guest addition module source for dk
 virtualbox-guest-source - x86 virtualization solution - guest addition module source
 virtualbox-guest-utils - x86 virtualization solution - non-X11 guest utilities
 virtualbox-guest-x11 - x86 virtualization solution - X11 guest utilities
 virtualbox-qt - x86 virtualization solution - Qt based user interface
 virtualbox-source - x86 virtualization solution - kernel module source
Closes: 785424
Changes:
 virtualbox (4.3.18-dfsg-3+deb8u2) jessie-security; urgency=high
 .
   * d/p/CVE-2015-3456.patch fix for CVE-2015-3456 a.k.a. VENOM
     (Closes: #785424)




Reply sent to Ritesh Raj Sarraf <rrs@debian.org>:
You have taken responsibility. (Sun, 31 May 2015 16:06:16 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 31 May 2015 16:06:16 GMT)


Message #65 received at 785424-close@bugs.debian.org:

From: Ritesh Raj Sarraf <rrs@debian.org>
To: 785424-close@bugs.debian.org
Subject: Bug#785424: fixed in virtualbox 4.1.18-dfsg-2+deb7u5
Date: Sun, 31 May 2015 16:03:19 +0000
Source: virtualbox
Source-Version: 4.1.18-dfsg-2+deb7u5

We believe that the bug you reported is fixed in the latest version of
virtualbox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 785424@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <rrs@debian.org> (supplier of updated virtualbox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 18 May 2015 18:32:20 +0200
Source: virtualbox
Binary: virtualbox-qt virtualbox virtualbox-dbg virtualbox-dkms virtualbox-source virtualbox-guest-dkms virtualbox-guest-source virtualbox-guest-x11 virtualbox-guest-utils virtualbox-fuse virtualbox-ose-qt virtualbox-ose virtualbox-ose-dbg virtualbox-ose-dkms virtualbox-ose-source virtualbox-ose-guest-dkms virtualbox-ose-guest-source virtualbox-ose-guest-x11 virtualbox-ose-guest-utils virtualbox-ose-fuse
Architecture: source amd64 all
Version: 4.1.18-dfsg-2+deb7u5
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
Changed-By: Ritesh Raj Sarraf <rrs@debian.org>
Description: 
 virtualbox - x86 virtualization solution - base binaries
 virtualbox-dbg - x86 virtualization solution - debugging symbols
 virtualbox-dkms - x86 virtualization solution - kernel module sources for dkms
 virtualbox-fuse - x86 virtualization solution - virtual filesystem
 virtualbox-guest-dkms - x86 virtualization solution - guest addition module source for dk
 virtualbox-guest-source - x86 virtualization solution - guest addition module source
 virtualbox-guest-utils - x86 virtualization solution - non-X11 guest utilities
 virtualbox-guest-x11 - x86 virtualization solution - X11 guest utilities
 virtualbox-ose - transitional package for virtualbox
 virtualbox-ose-dbg - transitional package for virtualbox-dbg
 virtualbox-ose-dkms - transitional package for virtualbox-dkms
 virtualbox-ose-fuse - transitional package for virtualbox-fuse
 virtualbox-ose-guest-dkms - transitional package for virtualbox-guest-dkms
 virtualbox-ose-guest-source - transitional package for virtualbox-guest-source
 virtualbox-ose-guest-utils - transitional package for virtualbox-guest-utils
 virtualbox-ose-guest-x11 - transitional package for virtualbox-guest-x11
 virtualbox-ose-qt - transitional package for virtualbox-qt
 virtualbox-ose-source - transitional package for virtualbox-source
 virtualbox-qt - x86 virtualization solution - Qt based user interface
 virtualbox-source - x86 virtualization solution - kernel module source
Closes: 785424
Changes: 
 virtualbox (4.1.18-dfsg-2+deb7u5) wheezy-security; urgency=medium
 .
   * d/p/CVE-2015-3456.patch fix for CVE-2015-3456 a.k.a. VENOM
     (Closes: #785424)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 30 Jun 2015 07:28:09 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:36:37 2019; Machine Name: buxtehude
