diff -Nru virtualbox-4.1.18-dfsg/debian/changelog virtualbox-4.1.18-dfsg/debian/changelog
--- virtualbox-4.1.18-dfsg/debian/changelog 2015-01-28 08:39:56.000000000 +0100
+++ virtualbox-4.1.18-dfsg/debian/changelog 2015-05-19 11:33:59.000000000 +0200
@@ -1,3 +1,10 @@
+virtualbox (4.1.18-dfsg-2+deb7u5) wheezy-security; urgency=medium
+
+ * d/p/CVE-2015-3456.patch fix for CVE-2015-3456 a.k.a. VENOM
+ (Closes: #785424)
+
+ -- Gianfranco Costamagna Mon, 18 May 2015 18:32:20 +0200
+
 virtualbox (4.1.18-dfsg-2+deb7u4) wheezy-security; urgency=medium
 
 [ Frank Mehnert ]
diff -Nru virtualbox-4.1.18-dfsg/debian/gbp.conf virtualbox-4.1.18-dfsg/debian/gbp.conf
--- virtualbox-4.1.18-dfsg/debian/gbp.conf 1970-01-01 01:00:00.000000000 +0100
+++ virtualbox-4.1.18-dfsg/debian/gbp.conf 2015-05-19 11:33:59.000000000 +0200
@@ -0,0 +1,10 @@
+[DEFAULT]
+pristine-tar = True
+sign-tags = True
+color = auto
+
+[git-import-orig]
+dch = True
+
+[git-dch]
+id-length = 7
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-3456.patch virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-3456.patch
--- virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-3456.patch 1970-01-01 01:00:00.000000000 +0100
+++ virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-3456.patch 2015-05-19 11:33:59.000000000 +0200
@@ -0,0 +1,74 @@
+Index: virtualbox/src/VBox/Devices/Storage/fdc.c
+===================================================================
+--- virtualbox.orig/src/VBox/Devices/Storage/fdc.c
++++ virtualbox/src/VBox/Devices/Storage/fdc.c
+@@ -1514,7 +1514,7 @@
+ FLOPPY_ERROR("controller not ready for reading\n");
+ return 0;
+ }
+- pos = fdctrl->data_pos;
++ pos = fdctrl->data_pos % FD_SECTOR_LEN;
+ if (fdctrl->msr & FD_MSR_NONDMA) {
+ pos %= FD_SECTOR_LEN;
+ if (pos == 0) {
+@@ -1736,7 +1736,7 @@
+ {
+ fdrive_t *cur_drv = get_cur_drv(fdctrl);
+
+- /* XXX: should set main status register to busy */
++ fdctrl->msr &= ~FD_MSR_RQM;
+ cur_drv->head = (fdctrl->fifo[1] >> 2) & 1;
+ #ifdef VBOX
+ TMTimerSetMillies(fdctrl->result_timer, 1000 / 50);
+@@ -1897,22 +1897,25 @@
+ {
+ fdrive_t *cur_drv = get_cur_drv(fdctrl);
+
+- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
++ /* This command takes a variable number of parameters. It can be terminated
++ * at any time if the high bit of a parameter is set. Once there are 6 bytes
++ * in the FIFO (command + 5 parameter bytes), data_len/data_pos will be 7.
++ */
++ if (fdctrl->data_len == 7 || (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80)) {
++
+ /* Command parameters done */
+ if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
+- fdctrl->fifo[0] = fdctrl->fifo[1];
++ /* Data is echoed, but not stored! */
++ fdctrl->fifo[0] = fdctrl->data_len > 2 ? fdctrl->fifo[1] : 0;
++ fdctrl->fifo[1] = fdctrl->data_len > 3 ? fdctrl->fifo[2] : 0;
+ fdctrl->fifo[2] = 0;
+ fdctrl->fifo[3] = 0;
+ fdctrl_set_fifo(fdctrl, 4, 0);
+ } else {
+ fdctrl_reset_fifo(fdctrl);
+ }
+- } else if (fdctrl->data_len > 7) {
+- /* ERROR */
+- fdctrl->fifo[0] = 0x80 |
+- (cur_drv->head << 2) | GET_CUR_DRV(fdctrl);
+- fdctrl_set_fifo(fdctrl, 1, 0);
+- }
++ } else
++ fdctrl->data_len++; /* Wait for another byte. */
+ }
+
+ static void fdctrl_handle_relative_seek_out(fdctrl_t *fdctrl, int direction)
+@@ -1977,7 +1980,7 @@
+ { FD_CMD_CONFIGURE, 0xff, "CONFIGURE", 3, fdctrl_handle_configure },
+ { FD_CMD_POWERDOWN_MODE, 0xff, "POWERDOWN MODE", 2, fdctrl_handle_powerdown_mode },
+ { FD_CMD_OPTION, 0xff, "OPTION", 1, fdctrl_handle_option },
+- { FD_CMD_DRIVE_SPECIFICATION_COMMAND, 0xff, "DRIVE SPECIFICATION COMMAND", 5, fdctrl_handle_drive_specification_command },
++ { FD_CMD_DRIVE_SPECIFICATION_COMMAND, 0xff, "DRIVE SPECIFICATION COMMAND", 1, fdctrl_handle_drive_specification_command },
+ { FD_CMD_RELATIVE_SEEK_OUT, 0xff, "RELATIVE SEEK OUT", 2, fdctrl_handle_relative_seek_out },
+ { FD_CMD_FORMAT_AND_WRITE, 0xff, "FORMAT AND WRITE", 10, fdctrl_unimplemented },
+ { FD_CMD_RELATIVE_SEEK_IN, 0xff, "RELATIVE SEEK IN", 2, fdctrl_handle_relative_seek_in },
+@@ -2038,7 +2041,7 @@
+ }
+
+ FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
+- fdctrl->fifo[fdctrl->data_pos++] = value;
++ fdctrl->fifo[fdctrl->data_pos++ % FD_SECTOR_LEN] = value;
+ if (fdctrl->data_pos == fdctrl->data_len) {
+ /* We now have all parameters
+ * and will be able to treat the command
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/series virtualbox-4.1.18-dfsg/debian/patches/series
--- virtualbox-4.1.18-dfsg/debian/patches/series 2015-01-28 08:39:56.000000000 +0100
+++ virtualbox-4.1.18-dfsg/debian/patches/series 2015-05-19 11:33:59.000000000 +0200
@@ -22,3 +22,4 @@
 CVE-2014-0983.patch
 CVE-2015-0377.patch
 CVE-2015-0418.patch
+CVE-2015-3456.patch
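Review bot: In the DRIVE SPECIFICATION handler (inner hunk at -1897) the guest-driven index `fdctrl->fifo[fdctrl->data_pos - 1]` is still read without the `% FD_SECTOR_LEN` bound that this patch adds at the read site (-1514) and the write site (-2038), so its safety rests on the `data_len == 7` cap alone. Bounding it the same way would keep all three FIFO accesses consistent, for example `uint32_t pos = (fdctrl->data_pos - 1) % FD_SECTOR_LEN;` followed by tests on `fdctrl->fifo[pos] & 0x80` and `fdctrl->fifo[pos] & 0x40`. The modulo only helps if `fifo` holds at least FD_SECTOR_LEN bytes and `data_pos` is unsigned; neither declaration is visible in these hunks, so a comment or compile-time assertion next to the buffer's allocation would be worth adding. `cur_drv` in this handler appears to be unused once the ERROR branch is removed. The handler's signature lies outside the hunk.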