[vbox-dev] CVE-2015-3456 aka VENOM

Fri May 15 09:23:15 UTC 2015

Hi,

Could an experienced dev validate that this diff between VBox 4.3.26 & 
4.3.28 is indeed a fix CVE-2015-3456 ? http://pastebin.com/hb5Fbwku
QEMU patch for reference: 
http://git.qemu.org/?p=qemu.git;a=blobdiff;f=hw/block/fdc.c;h=d8a8edd936f42d4b1d801c996932668e456b5896;hp=f72a39216347e722496797555db9f208b0c5b4b2;hb=e907746266721f305d67bc0718795fedee2e824c;hpb=968bb75c348a401b85e08d5eb1887a3e6c3185f5

Thank you!
Max