virtualbox SRU for CVEs

Bug #1538115 reported by Gianfranco Costamagna
This bug affects 1 person
Affects: virtualbox (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Steve Beattie
Milestone: (none listed)

Bug Description

As usual, I uploaded the fixes in my PPA.

virtualbox 5.0.14-dfsg-1ubuntu1.15.10.2 (from xenial)
virtualbox 4.3.36-dfsg-1+deb8u1ubuntu1.15.04.1 (from debian jessie-security upload)
virtualbox 4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1 (from debian jessie-security upload)

https://launchpad.net/~costamagnagianfranco/+archive/ubuntu/locutusofborg-ppa/

4.1.44 is EOL upstream, so I would like to avoid making mistakes in badly backporting patches.

Steve Beattie (sbeattie) wrote :

Thanks, looking at these now. I note that the wily package includes the new systemd unit for vboxweb. While it's supposed to be disabled by default by dh_systemd, has it been tested at all on wily?

Changed in virtualbox (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Steve Beattie (sbeattie)
Steve Beattie (sbeattie) wrote :

Also for wily, the version needs to be lower than the version that was sync'ed to xenial from debian (i.e. << 5.0.14-dfsg-1) so that users upgrading from wily to xenial get the xenial version of the package. So I'm adjusting the version for wily to
5.0.14-dfsg-0ubuntu1.15.10.2.

Mathew Hodson (mhodson)
information type: Public → Public Security
Steve Beattie (sbeattie) wrote :

For the record, I have built these packages in the ubuntu-security-proposed ppa ( https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa ) and will likely publish them early next week. Thanks!

Gianfranco Costamagna (costamagnagianfranco) wrote :

thanks!!!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox - 4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1

---------------
virtualbox (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1) trusty-security; urgency=medium

  * Upload to trusty-security (LP: #1538115)

virtualbox (4.3.36-dfsg-1+deb8u1) jessie-security; urgency=medium

  * New upstream bugfix release.
    - Addressed CVE-2016-0592, CVE-2016-0495, CVE-2015-8104,
      CVE-2015-7183, CVE-2015-5307

 -- Gianfranco Costamagna <email address hidden> Tue, 26 Jan 2016 11:12:59 +0100

Changed in virtualbox (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox - 5.0.14-dfsg-0ubuntu1.15.10.1

---------------
virtualbox (5.0.14-dfsg-0ubuntu1.15.10.1) wily-security; urgency=medium

  * Upload to wily-security (LP: #1538115)
  * Remove xserver-xorg-legacy runtime dependency, not available on wily.

virtualbox (5.0.14-dfsg-1) unstable; urgency=medium

  * new upstream release.
  * Rework rules file to work also when only guest packages needs to be built.
  * Merge VBox.sh script with upstream, and add procps to runtime dependencies
    thanks Andreas Beckmann <email address hidden> (Closes: #802143)
    -cfr https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802143#26

 -- Gianfranco Costamagna <email address hidden> Tue, 26 Jan 2016 13:09:55 +0100

Changed in virtualbox (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox - 4.3.36-dfsg-1+deb8u1ubuntu1.15.04.1

---------------
virtualbox (4.3.36-dfsg-1+deb8u1ubuntu1.15.04.1) vivid-security; urgency=medium

  * Upload to vivid-security (LP: #1538115)

virtualbox (4.3.36-dfsg-1+deb8u1) jessie-security; urgency=medium

  * New upstream bugfix release.
    - Addressed CVE-2016-0592, CVE-2016-0495, CVE-2015-8104,
      CVE-2015-7183, CVE-2015-5307

 -- Gianfranco Costamagna <email address hidden> Tue, 26 Jan 2016 11:12:59 +0100

Changed in virtualbox (Ubuntu):
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.