Bug 859391 (CVE-2022-21554, CVE-2022-21571) - <app-emulation/virtualbox-6.1.36: multiple vulnerabilities (Oracle CPU July 2022)
Status: RESOLVED FIXED
Alias: CVE-2022-21554, CVE-2022-21571
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.oracle.com/security-alert...
Whiteboard: B3 [glsa+]
Keywords: PullRequest
Depends on: 860897 866488
Reported: 2022-07-19 19:07 UTC by John Helmert III
Modified: 2022-09-05 16:44 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-19 19:07:21 UTC
No details yet, but affected versions are:

Oracle VM VirtualBox, versions prior to 6.1.36
Comment 1 devsk 2022-07-25 04:35:26 UTC
Since 6.1.36 is already out upstream, is anyone working on an ebuild going for 6.1.36?
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-25 04:37:48 UTC
(In reply to devsk from comment #1)
> Since 6.1.36 is already out upstream, is anyone working on an ebuild going
> for 6.1.36?

Yes, but he's away until tomorrow.
Comment 3 Larry the Git Cow gentoo-dev 2022-07-27 21:05:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1e87e52e23ba70995fc257bdeb155ef3ec728f8

commit a1e87e52e23ba70995fc257bdeb155ef3ec728f8
Author:     Viorel Munteanu <ceamac.paragon@gmail.com>
AuthorDate: 2022-07-26 19:26:38 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-07-27 21:05:30 +0000

    app-emulation/virtualbox: add 6.1.36
    
    Closes: https://bugs.gentoo.org/856769
    Closes: https://bugs.gentoo.org/860897
    Bug: https://bugs.gentoo.org/859391
    Signed-off-by: Viorel Munteanu <ceamac.paragon@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-emulation/virtualbox/Manifest                  |   2 +
 .../files/virtualbox-6.1.36-python3.10.patch       |  16 +
 app-emulation/virtualbox/virtualbox-6.1.36.ebuild  | 644 +++++++++++++++++++++
 3 files changed, 662 insertions(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-25 03:26:42 UTC
ceamac: ok to stable now?
Comment 5 Viorel 2022-08-25 05:04:35 UTC
6.1.36 had some problems with certain CFLAGS, 6.1.36-r2 is ok but a bit new.  Other than that, I'm ok with starting stabilization early.
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-25 06:19:06 UTC
(In reply to Viorel from comment #5)
> 6.1.36 had some problems with certain CFLAGS, 6.1.36-r2 is ok but a bit new.
> Other than that, I'm ok with starting stabilization early.

Let's do the fixed revision of course (6.1.36-r2). I think it's worth it for the proper Python fix too.
Comment 7 Viorel 2022-08-25 07:52:18 UTC
Created bug #866488
Comment 8 Larry the Git Cow gentoo-dev 2022-08-31 23:37:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0896f6d0ef51a24e9d845d2ac349c6bf98fadb0b

commit 0896f6d0ef51a24e9d845d2ac349c6bf98fadb0b
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-31 23:36:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-31 23:37:06 +0000

    [ GLSA 202208-36 ] Oracle VirtualBox: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/785445
    Bug: https://bugs.gentoo.org/803134
    Bug: https://bugs.gentoo.org/820425
    Bug: https://bugs.gentoo.org/831440
    Bug: https://bugs.gentoo.org/839990
    Bug: https://bugs.gentoo.org/859391
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-36.xml | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-31 23:40:14 UTC
Maintainer, please clean up and use the Closes tag in your commit as GLSA is done.
Comment 10 Larry the Git Cow gentoo-dev 2022-09-05 12:39:37 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d66719f5cd1476433e895d82059c431688d40914

commit d66719f5cd1476433e895d82059c431688d40914
Author:     Viorel Munteanu <ceamac.paragon@gmail.com>
AuthorDate: 2022-09-01 08:08:17 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-09-05 12:39:17 +0000

    app-emulation/virtualbox: drop versions
    
    Closes: https://bugs.gentoo.org/839990
    Closes: https://bugs.gentoo.org/859391
    Signed-off-by: Viorel Munteanu <ceamac.paragon@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/27149
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-emulation/virtualbox/Manifest                  |   3 -
 .../files/virtualbox-6.1.34-no-pam.patch           |  22 -
 .../files/virtualbox-6.1.34-python3.10.patch       |  13 -
 .../files/virtualbox-6.1.34-r3-python3.10.patch    | 122 ----
 .../files/virtualbox-6.1.34-vboxr0.patch           |  20 -
 .../virtualbox/virtualbox-6.1.32-r3.ebuild         | 517 ----------------
 .../virtualbox/virtualbox-6.1.34-r1.ebuild         | 506 ----------------
 .../virtualbox/virtualbox-6.1.34-r3.ebuild         | 535 -----------------
 .../virtualbox/virtualbox-6.1.34-r7.ebuild         | 636 --------------------
 app-emulation/virtualbox/virtualbox-6.1.36.ebuild  | 647 ---------------------
 10 files changed, 3021 deletions(-)