[vbox-dev] Bug#785424: Re: CVE-2015-3456 aka VENOM

Gianfranco Costamagna costamagnagianfranco at yahoo.it
Tue May 19 09:36:45 UTC 2015

Hi Debian security team, can we please followup with the two uploads then?

I'm attaching the two debdiffs,



Il Martedì 19 Maggio 2015 11:27, Frank Mehnert <frank.mehnert at oracle.com> ha scritto:
Hi Gianfranco,

On Tuesday 19 May 2015 09:17:13 Gianfranco Costamagna wrote:
> Hi Frank, are you sure the bug is really fixed?
> the qemu patch seems to be different from the virtualbox one, and seems that
> the affected code is not fixed
> http://git.qemu.org/?p=qemu.git;a=blobdiff;f=hw/block/fdc.c;h=d8a8edd936f42
> d4b1d801c996932668e456b5896;hp=f72a39216347e722496797555db9f208b0c5b4b2;hb=e
> 907746266721f305d67bc0718795fedee2e824c;hpb=968bb75c348a401b85e08d5eb1887a3e
> 6c3185f5
> e.g.
> https://security-tracker.debian.org/tracker/CVE-2015-3456
> http://xenbits.xen.org/xsa/advisory-133.html

the VirtualBox code is inherited from Qemu but the code is not the same.
Yes, we are sure the bug is fixed in VBox 4.3.28.

Kind regards,

Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany

ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstraße 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603

Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jessie-debdiff
Type: application/octet-stream
Size: 4862 bytes
Desc: not available
Url : http://www.virtualbox.org/pipermail/vbox-dev/attachments/20150519/51624d31/attachment-0002.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wheezy-debdiff
Type: application/octet-stream
Size: 5015 bytes
Desc: not available
Url : http://www.virtualbox.org/pipermail/vbox-dev/attachments/20150519/51624d31/attachment-0003.obj 

More information about the vbox-dev mailing list