Your message dated Thu, 28 Jul 2011 14:30:18 +0200
with message-id <[email protected]>
and subject line Re: Bug#635276: [Pkg-virtualbox-devel] Bug#635276:
CVE-2011-2305 / CVE-2011-2300
has caused the Debian Bug report #635276,
regarding CVE-2011-2305 / CVE-2011-2300
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
635276: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635276
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: virtualbox-ose
Version: 4.0.10-dfsg-1
Severity: grave
Tags: security
Does this affect the versions in Debian?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2300
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
I'm closing this bug as Michael has updated the version in backports
to 4.0.10 and we can't fix virtualbox-guest-additions in stable.
Moritz, can you update the security tracker?
The version information in the original CVEs are wrong, see
http://vbox.innotek.de/pipermail/vbox-dev/2011-July/004383.html
CVE-2011-2300 affects the virtualbox-guest-additions (not virtualbox-ose)
package in squeeze.
CVE-2011-2305 doesn't affect any version in Debian.
Felix
--- End Message ---
