Summary: | <app-emulation/virtualbox-6.1.16: Multiple vulnerabilities (CVE-2020-{14872,14881,14884,14885,14886,14889,14892}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | polynomial-c |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL | ||
Whiteboard: | A1 [glsa+ cve] | ||
Package list: |
app-emulation/virtualbox-6.1.16-r1 amd64
app-emulation/virtualbox-additions-6.1.16-r1 amd64
app-emulation/virtualbox-extpack-oracle-6.1.16.140961-r1 amd64
app-emulation/virtualbox-guest-additions-6.1.16-r1
app-emulation/virtualbox-modules-6.1.16-r1 amd64
|
Runtime testing required: | --- |
Description
John Helmert III
2020-10-23 04:22:34 UTC
Sanity check failed:
> app-emulation/virtualbox-6.1.16
> depend amd64 stable profile default/linux/amd64/17.0 (28 total)
> ~app-emulation/virtualbox-modules-6.1.16
> depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> ~app-emulation/virtualbox-modules-6.1.16
> rdepend amd64 stable profile default/linux/amd64/17.0 (28 total)
> ~app-emulation/virtualbox-modules-6.1.16
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> ~app-emulation/virtualbox-modules-6.1.16
ping Sanity check failed:
> app-emulation/virtualbox-6.1.16
> depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> ~app-emulation/virtualbox-modules-6.1.16
> depend amd64 stable profile default/linux/amd64/17.1 (14 total)
> ~app-emulation/virtualbox-modules-6.1.16
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> ~app-emulation/virtualbox-modules-6.1.16
> rdepend amd64 stable profile default/linux/amd64/17.1 (14 total)
> ~app-emulation/virtualbox-modules-6.1.16
Sanity check failed:
> app-emulation/virtualbox-6.1.16
> depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (3 total)
> ~app-emulation/virtualbox-modules-6.1.16
> depend amd64 stable profile default/linux/amd64/17.1 (14 total)
> ~app-emulation/virtualbox-modules-6.1.16
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (3 total)
> ~app-emulation/virtualbox-modules-6.1.16
> rdepend amd64 stable profile default/linux/amd64/17.1 (14 total)
> ~app-emulation/virtualbox-modules-6.1.16
Unable to check for sanity:
> no match for package: app-emulation/virtualbox-6.1.16
Ping. Sanity check failed:
> app-emulation/virtualbox-6.1.16-r1
> depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (3 total)
> ~app-emulation/virtualbox-modules-6.1.16
> depend amd64 stable profile default/linux/amd64/17.1 (14 total)
> ~app-emulation/virtualbox-modules-6.1.16
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (3 total)
> ~app-emulation/virtualbox-modules-6.1.16
> rdepend amd64 stable profile default/linux/amd64/17.1 (14 total)
> ~app-emulation/virtualbox-modules-6.1.16
ping Ping. In my opinion there is a too long a standstill here for a security bug. These packages should be stabilized: =app-emulation/virtualbox-6.1.16-r1 =app-emulation/virtualbox-additions-6.1.16-r1 =app-emulation/virtualbox-extpack-oracle-6.1.16.140961-r1 =app-emulation/virtualbox-guest-additions-6.1.16-r1 =app-emulation/virtualbox-modules-6.1.16-r1 Resetting sanity check; keywords are not fully specified and arches are not CC-ed. amd64 done x86 done all arches done Please cleanup, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=95b009db55b2ac18f2cdc9176d5264fed874570b commit 95b009db55b2ac18f2cdc9176d5264fed874570b Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2021-01-19 08:22:11 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2021-01-19 08:22:28 +0000 virtualbox packages: Security cleanup Bug: https://bugs.gentoo.org/750782 Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> app-emulation/virtualbox-additions/Manifest | 1 - .../virtualbox-additions-6.0.24-r1.ebuild | 34 -- app-emulation/virtualbox-extpack-oracle/Manifest | 1 - ...rtualbox-extpack-oracle-6.0.24.139119-r1.ebuild | 43 -- app-emulation/virtualbox-guest-additions/Manifest | 2 - .../virtualbox-guest-additions-6.0.24-r2.ebuild | 218 --------- app-emulation/virtualbox-modules/Manifest | 1 - .../virtualbox-modules-6.0.24-r2.ebuild | 55 --- app-emulation/virtualbox/Manifest | 2 - .../virtualbox/virtualbox-6.0.24-r1.ebuild | 510 --------------------- 10 files changed, 867 deletions(-) This issue was resolved and addressed in GLSA 202101-15 at https://security.gentoo.org/glsa/202101-15 by GLSA coordinator Aaron Bauman (b-man). |