Re: CVE for Virtualbox 0x8 DoS?

[Frank Mehnert <frank.mehnert () oracle com>]

Hi,

On Friday 14 September 2012 12:12:44 halfdog wrote:
> Hi,
>
> Kurt Seifried wrote:
> > On 09/13/2012 10:59 AM, Raphael Geissert wrote:
> > > Hi,
> > >
> > > Has a CVE id been finally assigned for the following issue?
> > > http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8Guest
> > > Crash/
> > >
> > >  Regards,
> >
> > - From that page:
> >
> > 20120910: Oracle security decides, that CVE should be assigned
> >
> > Can Oracle/halfdog.net communicate the CVE to the community
> > please?
>
> I do not have that information yet. The information about intended CVE
> assignment till October update was exchanged off list, contact on
> Oracle side was Mr. Mehnert.
>
> Early disclosure of this issue was due to misconception, that Oracle
> would have assessed severity, need for CVE and communication of
> disclosure timeline before releasing patch as maintenance release. The
> early disclosure mixed up the whole
> reporting/analyze/classify/CVE-assign/disclosure process somehow.

The security folks told me that there will be a CVE which will be
visible with the next scheduled Oracle CPU date (in October 2012).

Thanks,

Frank
-- 
Dr.-Ing. Frank Mehnert
Senior Manager Software Development Desktop Virtualization, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany

Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603

Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Jürgen Kunz, Marcel van de Molen, Alexander van der Ven

Attachment: signature.asc
Description: This is a digitally signed message part.