|
From: | Anthony Liguori |
Subject: | Re: [Qemu-devel] [PATCH] Out off array access in usb-net |
Date: | Tue, 16 Nov 2010 14:08:13 -0600 |
User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101027 Lightning/1.0b1 Thunderbird/3.0.10 |
On 11/09/2010 04:51 AM, Markus Armbruster wrote:
Gleb Natapov<address@hidden> writes:On Tue, Nov 09, 2010 at 11:16:43AM +0100, Markus Armbruster wrote:Gleb Natapov<address@hidden> writes:On Tue, Nov 09, 2010 at 10:30:54AM +0100, Markus Armbruster wrote:Gleb Natapov<address@hidden> writes:Properly check array bounds before accessing array element.Impact?Gapping security hole for those unfortunate enough to use usb-net?Doesn't that bit of information belong in the commit message.Some people prefer not to put such information into commit message.Correct, but does "some people" include the QEMU maintainers? Anthony?
I don't have a strong opinion either way. If there's a CVE, I'd prefer the CVE number was prominent in the commit log but other than that, I'd leave it to the author's discretion.
Regards, Anthony Liguori
[...]
[Prev in Thread] | Current Thread | [Next in Thread] |