[vbox-dev] fix for CVE-2011-2305
Klaus Espenlaub
klaus.espenlaub at oracle.com
Tue Jul 26 15:55:06 GMT 2011
On 26.07.2011 12:32, Michal Šebeň wrote:
> Hello,
>
> Could someone help me with CVE-2011-2305 please ? :
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2305
Somehow the affected version information for CVE-2011-2300 and
CVE-2011-2305 got mixed up. Working on getting this fixed.
To clarify:
CVE-2011-2300 affected version: 3.0, 3.1, 3.2, 4.0 up to 4.0.8
CVE-2011-2305 affected version: 4.0 up to 4.0.8
Both are fixed in VirtualBox 4.0.10 and 4.1.0 (and later versions of
course).
> In description I see affected version : 3.0, 3.1, 3.2, and 4.0,
> I am wondering, if version 4.0.12 fix this issue ( I didn't found
> mention about this in changelog :
> http://www.virtualbox.org/wiki/Changelog-4.0 )
> and also if fix for 3.2.* exist ...
For CVE-2011-2305 there is no need to fix anything in older VirtualBox
versions.
Klaus
>
> thanks
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> http://vbox.innotek.de/mailman/listinfo/vbox-dev
--
Oracle <http://www.oracle.com>
Dr. Klaus Espenlaub | Snr. Manager Software Development Desktop
Virtualization
Phone: +49 7151 60405 205 <tel:+49715160405205>
Oracle VM VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Jürgen Kunz, Marcel van de Molen, Alexander van der Ven
Green Oracle <http://www.oracle.com/commitment> Oracle is committed to
developing practices and products that help protect the environment
More information about the vbox-dev
mailing list