CVE-2014-4261 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4261): Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487. CVE-2014-4228 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4228): Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests. CVE-2014-2489 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2489): Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. CVE-2014-2488 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2488): Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core. CVE-2014-2486 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2486): Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core. CVE-2014-2477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2477): Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core. Maintainers, can we proceed with stabilization of 4.2.26? If so, can you please CC arches and list all necessary packages for stabilization.
I've stabilized virtualbox 4.3.18 series which has all these bugs fixed as well. Dunno if we need a GLSA for this.
GLSA vote: no.
GLSA Vote: No, closing noglsa