diff -Nru virtualbox-lts-xenial-4.3.36-dfsg/debian/changelog virtualbox-lts-xenial-4.3.36-dfsg/debian/changelog
--- virtualbox-lts-xenial-4.3.36-dfsg/debian/changelog 2019-02-28 17:14:33.000000000 +0000
+++ virtualbox-lts-xenial-4.3.36-dfsg/debian/changelog 2019-03-11 16:54:59.000000000 +0000
@@ -1,3 +1,11 @@
+virtualbox-lts-xenial (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1~14.04.6) trusty; urgency=medium
+
+ * debian/patches/fix-for-guest-to-host-escape-vulnerability.patch:
+ - Apply patch for guest-to-host escape vulnerability (LP: #1809156)
+ - CVE-2018-3294
+
+ -- Gianfranco Costamagna Mon, 11 Mar 2019 17:54:59 +0100
+
 virtualbox-lts-xenial (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1~14.04.5) trusty; urgency=medium
 * debian/patches/fix-compile-for-xenial-kernel.patch
diff -Nru virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch
--- virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch 1970-01-01 00:00:00.000000000 +0000
+++ virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch 2019-01-17 16:49:01.000000000 +0000
@@ -0,0 +1,20 @@
+Description: Security fix for guest-to-host escape
+Origin: upstream, https://www.virtualbox.org/changeset/75330
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1809156
+Applied-Upstream: 5.2.22
+Index: virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/DevE1000.cpp
+===================================================================
+--- virtualbox-5.2.18-dfsg.orig/src/VBox/Devices/Network/DevE1000.cpp
++++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/DevE1000.cpp
+@@ -4877,6 +4877,11 @@ static int e1kXmitDesc(PE1KSTATE pThis,
+ if (pDesc->data.cmd.u20DTALEN == 0 || pDesc->data.u64BufAddr == 0)
+ {
+ E1kLog2(("% Empty data descriptor, skipped.\n", pThis->szPrf));
++ if (pDesc->data.cmd.fEOP)
++ {
++ e1kTransmitFrame(pThis, fOnWorkerThread);
++ pThis->u16TxPktLen = 0;
++ }
+ }
+ else
+ {
diff -Nru virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/series virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/series
--- virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/series 2019-02-28 17:14:33.000000000 +0000
+++ virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/series 2019-03-11 16:54:32.000000000 +0000
@@ -14,4 +14,5 @@
 32-disable-guest-version-check.patch
 35-libvdeplug-soname.patch
 36-fix-vnc-version-string.patch
+fix-guest-to-host-escape-vulnerability.patch
 fix-compile-for-xenial-kernel.patch
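Review bot: The quilt patch added in the `@@ -0,0 +1,20 @@` hunk was taken from a different source tree: its `Index:` line and `---`/`+++` paths name `virtualbox-5.2.18-dfsg` and its inner hunk sits at line 4877, while this package is 4.3.36-dfsg, so it can only apply by offset or fuzz, and its trailing context (`}`, `else`, `{`) is too generic to pin the location. Before upload, the patch should be refreshed against the 4.3.36 source and checked that the added `e1kTransmitFrame(pThis, fOnWorkerThread);` call lands in the empty-descriptor branch of `e1kXmitDesc`, and that `fOnWorkerThread` and that call signature exist in this version; the body of `e1kXmitDesc` lies outside the hunk, so this cannot be confirmed from the diff. The DEP-3 header would be easier to audit with the CVE named, e.g. `Description: Security fix for guest-to-host escape (CVE-2018-3294)`, matching the changelog. The changelog entry also names `fix-for-guest-to-host-escape-vulnerability.patch`, whereas the file added and listed in `series` is `fix-guest-to-host-escape-vulnerability.patch`.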