Re: Re: CVE for Virtualbox 0x8 DoS?

[halfdog <me () halfdog net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frank Mehnert wrote:
> Hi,
>
> On Friday 14 September 2012 12:12:44 halfdog wrote:
> > Hi,
> >
> > Kurt Seifried wrote:
> > > On 09/13/2012 10:59 AM, Raphael Geissert wrote:
> > > > Hi,
> > > >
> > > > Has a CVE id been finally assigned for the following issue?
> > > > http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8Guest
> > > > Crash/
> > > >
> > > >  Regards,
> > >
> > > - From that page:
> > >
> > > 20120910: Oracle security decides, that CVE should be assigned
> > >
> > > Can Oracle/halfdog.net communicate the CVE to the community
> > > please?
> >
> > I do not have that information yet. The information about intended CVE
> > assignment till October update was exchanged off list, contact on
> > Oracle side was Mr. Mehnert.
> >
> > Early disclosure of this issue was due to misconception, that Oracle
> > would have assessed severity, need for CVE and communication of
> > disclosure timeline before releasing patch as maintenance release. The
> > early disclosure mixed up the whole
> > reporting/analyze/classify/CVE-assign/disclosure process somehow.
>
> The security folks told me that there will be a CVE which will be
> visible with the next scheduled Oracle CPU date (in October 2012).

Seems that Oracle CPU day was 2012-10-16, CVE is CVE-2012-3221

I've collected references to this issue from HTTP referers and added
them at the bottom of

http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/

- -- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlCANncACgkQxFmThv7tq+5TlQCeMoALN1LK57w1P0U6h00NXGVh
l/UAn1Lfp5s0S6lRPq358XEP5AKbITSi
=M5Gj
-----END PGP SIGNATURE-----