virtualbox: 5.1.6 -> 5.1.8 for many CVEs:

From LWN: From the NVD entries: CVE-2016-5501: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538. CVE-2016-5538: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501. CVE-2016-5605: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. CVE-2016-5608: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613. CVE-2016-5610: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core. CVE-2016-5611: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core. CVE-2016-5613: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608. (cherry picked from commit 69e8bac)
NixOS · Oct 27, 2016 · 8c6ee84 · 8c6ee84
1 parent 59c8691
commit 8c6ee84
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 53 deletions.
diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix
@@ -81,7 +81,7 @@ in stdenv.mkDerivation {
   '';
 
   patches = optional enableHardening ./hardened.patch
-    ++ [ ./libressl.patch ./qtx11extras.patch ];
+    ++ [ ./qtx11extras.patch ];
 
   postPatch = ''
     sed -i -e 's|/sbin/ifconfig|${nettools}/bin/ifconfig|' \

diff --git a/pkgs/applications/virtualization/virtualbox/libressl.patch b/pkgs/applications/virtualization/virtualbox/libressl.patch
diff --git a/pkgs/applications/virtualization/virtualbox/upstream-info.json b/pkgs/applications/virtualization/virtualbox/upstream-info.json
@@ -1,8 +1,8 @@
 {
   "__NOTE": "Generated using update.py from the same directory.",
-  "extpack": "607ac3636bd49a738d5c48159b39261369b5487f71fb10afa2ecf869627a12de",
-  "extpackRev": "110634",
-  "guest": "cbcf9b9b1000e09911b3d20e1efe529aef8a945cf130f6abffc14a39522cc1ed",
-  "main": "2e0112b0d85841587b8f212e6ba8f6c35b31e1cce6b6999497dc917cd37e6911",
-  "version": "5.1.6"
+  "extpack": "d28bcd01c14eb07eedd2b964d1abe4876f0a7e0e89530e7ba285a5d6267bf322",
+  "extpackRev": "111374",
+  "guest": "347fd39df6ddee8079ad41fbc038e2fb64952a40255d75292e8e49a0a0cbf657",
+  "main": "e447031de468aee746529b2cf60768922f9beff22a13c54284aa430f5e925933",
+  "version": "5.1.8"
 }