diff -Nru virtualbox-5.2.18-dfsg/debian/changelog virtualbox-5.2.18-dfsg/debian/changelog --- virtualbox-5.2.18-dfsg/debian/changelog 2018-08-17 17:02:22.000000000 +0200 +++ virtualbox-5.2.18-dfsg/debian/changelog 2018-12-27 01:41:57.000000000 +0100 @@ -1,3 +1,13 @@ +virtualbox (5.2.18-dfsg-2ubuntu18.10.1) cosmic-security; urgency=medium + + * debian/patches/fix-for-guest-to-host-escape-vulnerability.patch: + - Apply patch for guest-to-host escape vulnerability (LP: #1809156) + - CVE-2018-3294 + * cherry-pick build fix by using java8 (from 5.2.20 Debian uploads) + - use java8 again, java11 removes wsimport, useful to have the build finish. + + -- Martin Konrad Wed, 26 Dec 2018 19:41:57 -0500 + virtualbox (5.2.18-dfsg-2) unstable; urgency=medium * debian/patches/kernel-4.18.patch: diff -Nru virtualbox-5.2.18-dfsg/debian/control virtualbox-5.2.18-dfsg/debian/control --- virtualbox-5.2.18-dfsg/debian/control 2018-08-15 22:59:31.000000000 +0200 +++ virtualbox-5.2.18-dfsg/debian/control 2018-12-27 01:41:57.000000000 +0100 @@ -6,7 +6,7 @@ Gianfranco Costamagna Build-Depends: bzip2, debhelper (>= 10), - default-jdk, + openjdk-8-jdk-headless, dh-python, dh-systemd (>=1.5), dkms (>= 2.1.1.1), diff -Nru virtualbox-5.2.18-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch virtualbox-5.2.18-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch --- virtualbox-5.2.18-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch 1970-01-01 01:00:00.000000000 +0100 +++ virtualbox-5.2.18-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch 2018-12-27 01:41:57.000000000 +0100 @@ -0,0 +1,20 @@ +Description: Security fix for guest-to-host escape +Origin: upstream, https://www.virtualbox.org/changeset/75330 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1809156 +Applied-Upstream: 5.2.22 +Index: virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/DevE1000.cpp +=================================================================== +--- virtualbox-5.2.18-dfsg.orig/src/VBox/Devices/Network/DevE1000.cpp ++++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/DevE1000.cpp +@@ -4877,6 +4877,11 @@ static int e1kXmitDesc(PE1KSTATE pThis, + if (pDesc->data.cmd.u20DTALEN == 0 || pDesc->data.u64BufAddr == 0) + { + E1kLog2(("% Empty data descriptor, skipped.\n", pThis->szPrf)); ++ if (pDesc->data.cmd.fEOP) ++ { ++ e1kTransmitFrame(pThis, fOnWorkerThread); ++ pThis->u16TxPktLen = 0; ++ } + } + else + { diff -Nru virtualbox-5.2.18-dfsg/debian/patches/series virtualbox-5.2.18-dfsg/debian/patches/series --- virtualbox-5.2.18-dfsg/debian/patches/series 2018-08-17 17:02:22.000000000 +0200 +++ virtualbox-5.2.18-dfsg/debian/patches/series 2018-12-27 01:41:57.000000000 +0100 @@ -20,3 +20,4 @@ new-gcc.patch do-not-run-if-not-in-vm.patch kernel-4.18.patch +fix-guest-to-host-escape-vulnerability.patch diff -Nru virtualbox-5.2.18-dfsg/debian/rules virtualbox-5.2.18-dfsg/debian/rules --- virtualbox-5.2.18-dfsg/debian/rules 2018-07-17 19:41:23.000000000 +0200 +++ virtualbox-5.2.18-dfsg/debian/rules 2018-12-27 01:41:57.000000000 +0100 @@ -27,6 +27,7 @@ export DEB_BUILD_HARDENING_PIE=0 export DEB_BUILD_HARDENING_FORMAT=0 export DEB_BUILD_HARDENING_BINDNOW=0 +DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie,-format,-bindnow @@ -68,6 +69,7 @@ VBOX_WITH_REGISTRATION_REQUEST= \ VBOX_WITH_UPDATE_REQUEST= \ KBUILD_VERBOSE=2 \ + VBOX_JAVA_HOME=/usr/lib/jvm/java-8-openjdk-$(DEB_HOST_ARCH) \ VBOX_WITH_EXTPACK_VBOXDTRACE= xsltproc --nonet --stringparam section.autolabel 1 \