[vbox-dev] fix for CVE-2011-2305
Michal Šebeň
mseben at gmail.com
Fri Aug 5 12:02:47 GMT 2011
Hi,
so 4.0.x series could be fixed with 4.0.12 release
and what about 3.2.x ? do we have some patch to fix CVE-2011-2300 ?
thanks
On Tue, Jul 26, 2011 at 5:55 PM, Klaus Espenlaub
<klaus.espenlaub at oracle.com> wrote:
> On 26.07.2011 12:32, Michal Šebeň wrote:
>>
>> Hello,
>>
>> Could someone help me with CVE-2011-2305 please ? :
>> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2305
>
> Somehow the affected version information for CVE-2011-2300 and CVE-2011-2305
> got mixed up. Working on getting this fixed.
>
> To clarify:
> CVE-2011-2300 affected version: 3.0, 3.1, 3.2, 4.0 up to 4.0.8
> CVE-2011-2305 affected version: 4.0 up to 4.0.8
>
> Both are fixed in VirtualBox 4.0.10 and 4.1.0 (and later versions of
> course).
>
>> In description I see affected version : 3.0, 3.1, 3.2, and 4.0,
>> I am wondering, if version 4.0.12 fix this issue ( I didn't found
>> mention about this in changelog :
>> http://www.virtualbox.org/wiki/Changelog-4.0 )
>> and also if fix for 3.2.* exist ...
>
> For CVE-2011-2305 there is no need to fix anything in older VirtualBox
> versions.
>
> Klaus
>
>>
>> thanks
>>
>> _______________________________________________
>> vbox-dev mailing list
>> vbox-dev at virtualbox.org
>> http://vbox.innotek.de/mailman/listinfo/vbox-dev
>
>
> --
> Oracle <http://www.oracle.com>
> Dr. Klaus Espenlaub | Snr. Manager Software Development Desktop
> Virtualization
> Phone: +49 7151 60405 205 <tel:+49715160405205>
> Oracle VM VirtualBox
>
> ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt
>
> ORACLE Deutschland B.V. & Co. KG
> Hauptverwaltung: Riesstr. 25, D-80992 München
> Registergericht: Amtsgericht München, HRA 95603
>
> Komplementärin: ORACLE Deutschland Verwaltung B.V.
> Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
> Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
> Geschäftsführer: Jürgen Kunz, Marcel van de Molen, Alexander van der Ven
>
> Green Oracle <http://www.oracle.com/commitment> Oracle is committed
> to
> developing practices and products that help protect the environment
>
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> http://vbox.innotek.de/mailman/listinfo/vbox-dev
>
More information about the vbox-dev
mailing list