Hi Frank, as usual thanks a lot for the patch and the answer! keep up the good work!
cheers, G. Il Lunedì 18 Maggio 2015 10:05, Frank Mehnert <[email protected]> ha scritto: Hi Maxime, On Friday 15 May 2015 11:23:15 Maxime Dor wrote: > Could an experienced dev validate that this diff between VBox 4.3.26 & > 4.3.28 is indeed a fix CVE-2015-3456 ? http://pastebin.com/hb5Fbwku sorry for the slow response. Here is the link to the official Oracle report: http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html As stated there, the bug is fixed in VBox 4.3.28 so yes, the diff between the source code of VBox 4.3.26 and 4.3.28 in src/VBox/Devices/Storage/DevFdc.cpp contains the fix. For convenience I've attached the diff. Kind regards, Frank -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany ORACLE Deutschland B.V. & Co. KG Hauptverwaltung: Riesstraße 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Komplementärin: ORACLE Deutschland Verwaltung B.V. Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher _______________________________________________ vbox-dev mailing list [email protected] https://www.virtualbox.org/mailman/listinfo/vbox-dev _______________________________________________ vbox-dev mailing list [email protected] https://www.virtualbox.org/mailman/listinfo/vbox-dev
