diff -Nru virtualbox-4.2.10-dfsg/debian/changelog virtualbox-4.2.10-dfsg/debian/changelog
--- virtualbox-4.2.10-dfsg/debian/changelog 2013-04-01 13:29:08.000000000 +0200
+++ virtualbox-4.2.10-dfsg/debian/changelog 2013-07-23 19:07:08.000000000 +0200
@@ -1,3 +1,12 @@
+virtualbox (4.2.10-dfsg-0ubuntu2.1) raring-security; urgency=low
+
+ * SECURITY UPDATE: virtio-net host DoS vulnerability. (LP: #1204185)
+ - debian/patches/38-CVE-2013-3792.patch: disable UDP Fragmentation Offload
+ in host direction. Patch backported from upstream.
+ - CVE-2013-3792
+
+ -- Felix Geyer Tue, 23 Jul 2013 19:05:03 +0200
+
 virtualbox (4.2.10-dfsg-0ubuntu2) raring; urgency=low
 
 * Link VBoxOGL against the X libraries it requires.
diff -Nru virtualbox-4.2.10-dfsg/debian/patches/38-CVE-2013-3792.patch virtualbox-4.2.10-dfsg/debian/patches/38-CVE-2013-3792.patch
--- virtualbox-4.2.10-dfsg/debian/patches/38-CVE-2013-3792.patch 1970-01-01 01:00:00.000000000 +0100
+++ virtualbox-4.2.10-dfsg/debian/patches/38-CVE-2013-3792.patch 2013-07-23 19:09:00.000000000 +0200
@@ -0,0 +1,18 @@
+Description: Fix CVE-2013-3792: Paravirtualised Network Adapter Denial of Service Vulnerability.
+ Dev/VirtioNet: Disabled UFO in host direction (#6821)
+Origin: upstream, https://www.virtualbox.org/changeset/46576/vbox
+Bug: https://www.virtualbox.org/ticket/11863
+Bug-Debian: http://bugs.debian.org/715327
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1204185
+
+--- a/src/VBox/Devices/Network/DevVirtioNet.cpp
++++ b/src/VBox/Devices/Network/DevVirtioNet.cpp
+@@ -379,7 +379,7 @@
+ | VNET_F_CSUM
+ | VNET_F_HOST_TSO4
+ | VNET_F_HOST_TSO6
+- | VNET_F_HOST_UFO
++/* | VNET_F_HOST_UFO -- Disabled temporarely (see @bugref{6821}) */
+ | VNET_F_GUEST_TSO4
+ | VNET_F_GUEST_TSO6
+ | VNET_F_GUEST_UFO
diff -Nru virtualbox-4.2.10-dfsg/debian/patches/series virtualbox-4.2.10-dfsg/debian/patches/series
--- virtualbox-4.2.10-dfsg/debian/patches/series 2013-03-31 23:25:00.000000000 +0200
+++ virtualbox-4.2.10-dfsg/debian/patches/series 2013-07-23 19:04:57.000000000 +0200
@@ -15,3 +15,4 @@
 35-libvdeplug-soname.patch
 36-python-multiarch.patch
 37-wheezy-kernel-drm.patch
+38-CVE-2013-3792.patch
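Review bot: In the embedded DevVirtioNet.cpp hunk of 38-CVE-2013-3792.patch, commenting `VNET_F_HOST_UFO` out of the feature list only stops the device from advertising the offload. Nothing visible here shows that the features a guest acknowledges are masked against this list, or that a VM resumed from a saved state negotiated with UFO drops the bit. The enclosing function starts and ends outside the hunk, so it is worth confirming both before relying on this as the complete mitigation, and noting in the changelog whether running guests need a restart to renegotiate. The in-code comment would also be harder to revert by accident if it named the advisory rather than "temporarely", for example `/* | VNET_F_HOST_UFO -- disabled for CVE-2013-3792 (see @bugref{6821}) */`, though that diverges from the upstream changeset text.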