[vbox-dev] fix for CVE-2011-2305

Klaus Espenlaub klaus.espenlaub at oracle.com
Tue Jul 26 08:55:06 PDT 2011


On 26.07.2011 12:32, Michal Šebeň wrote:
> Hello,
>
> Could someone help me with CVE-2011-2305 please ? :
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2305

Somehow the affected version information for CVE-2011-2300 and 
CVE-2011-2305 got mixed up. Working on getting this fixed.

To clarify:
CVE-2011-2300 affected version: 3.0, 3.1, 3.2, 4.0 up to 4.0.8
CVE-2011-2305 affected version: 4.0 up to 4.0.8

Both are fixed in VirtualBox 4.0.10 and 4.1.0 (and later versions of 
course).

> In description I see affected version  : 3.0, 3.1, 3.2, and 4.0,
> I am wondering, if version 4.0.12 fix this issue ( I didn't found
> mention about this in changelog :
> http://www.virtualbox.org/wiki/Changelog-4.0 )
> and also if fix for 3.2.* exist ...

For CVE-2011-2305 there is no need to fix anything in older VirtualBox 
versions.

Klaus

>
> thanks
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> http://vbox.innotek.de/mailman/listinfo/vbox-dev


-- 
Oracle <http://www.oracle.com>
Dr. Klaus Espenlaub | Snr. Manager Software Development Desktop
Virtualization
Phone: +49 7151 60405 205 <tel:+49715160405205>
Oracle VM VirtualBox

ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt

ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603

Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Jürgen Kunz, Marcel van de Molen, Alexander van der Ven

Green Oracle <http://www.oracle.com/commitment> 	Oracle is committed to
developing practices and products that help protect the environment





More information about the vbox-dev mailing list