Debian Bug report logs -
#754939
virtualbox: Multiple security issues
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 16 Jul 2014 08:00:02 UTC
Severity: grave
Tags: security
Fixed in version virtualbox/4.3.12-dfsg-1
Done: Balint Reczey <balint@balintreczey.hu>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
:
Bug#754939
; Package virtualbox
.
(Wed, 16 Jul 2014 08:00:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
.
(Wed, 16 Jul 2014 08:00:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: virtualbox
Severity: grave
Tags: security
Justification: user security hole
No specific details on impact are available:
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
CVE-2014-2487
CVE-2014-4261
CVE-2014-2489
CVE-2014-2477
CVE-2014-2486
CVE-2014-2488
CVE-2014-4228
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
:
Bug#754939
; Package virtualbox
.
(Wed, 16 Jul 2014 22:30:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Sam Morris <sam@robots.org.uk>
:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
.
(Wed, 16 Jul 2014 22:30:05 GMT) (full text, mbox, link).
Message #10 received at 754939@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
fixed 754939 4.3.12-dfsg-1
thanks
I've checked these CVEs against
<http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html> and I don't think they apply to virtualbox in Debian:
> CVE-2014-2487
Applies only when VirtualBox is running on a Windows host operating system
> CVE-2014-4261
Applies only when VirtualBox is running on a Windows host operating system
> CVE-2014-2489
Applies to virtualbox << 4.3.12
> CVE-2014-2477
Applies to virtualbox << 4.3.12
> CVE-2014-2486
Applies to virtualbox << 4.3.12
> CVE-2014-2488
Applies to virtualbox << 4.3.12
> CVE-2014-4228
Applies to virtualbox << 4.3.12
--
Sam Morris <https://robots.org.uk/>
CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9
[signature.asc (application/pgp-signature, inline)]
Marked as fixed in versions virtualbox/4.3.12-dfsg-1.
Request was from Sam Morris <sam@robots.org.uk>
to control@bugs.debian.org
.
(Wed, 16 Jul 2014 22:30:08 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
:
Bug#754939
; Package virtualbox
.
(Wed, 16 Jul 2014 22:36:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Sam Morris <sam@robots.org.uk>
:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <pkg-virtualbox-devel@lists.alioth.debian.org>
.
(Wed, 16 Jul 2014 22:36:05 GMT) (full text, mbox, link).
Message #17 received at 754939@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
fixed 754939 4.3.12-dfsg-1
thanks
I've checked these CVEs against
<http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html> and I don't think they apply to virtualbox in Debian:
> CVE-2014-2487
Applies only when VirtualBox is running on a Windows host operating system
> CVE-2014-4261
Applies only when VirtualBox is running on a Windows host operating system
> CVE-2014-2489
Applies to virtualbox << 4.3.12
> CVE-2014-2477
Applies to virtualbox << 4.3.12
> CVE-2014-2486
Applies to virtualbox << 4.3.12
> CVE-2014-2488
Applies to virtualbox << 4.3.12
> CVE-2014-4228
Applies to virtualbox << 4.3.12
--
Sam Morris <https://robots.org.uk/>
CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9
[signature.asc (application/pgp-signature, inline)]
Reply sent
to Balint Reczey <balint@balintreczey.hu>
:
You have taken responsibility.
(Sat, 26 Jul 2014 22:27:09 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Bug acknowledged by developer.
(Sat, 26 Jul 2014 22:27:09 GMT) (full text, mbox, link).
Message #22 received at 754939-done@bugs.debian.org (full text, mbox, reply):
Bug has been marked as fixed, but has not been closed.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 24 Aug 2014 07:28:34 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:33:05 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.