[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] Out off array access in usb-net
|
From: |
Gleb Natapov |
|
Subject: |
Re: [Qemu-devel] [PATCH] Out off array access in usb-net |
|
Date: |
Tue, 16 Nov 2010 22:14:55 +0200 |
On Tue, Nov 16, 2010 at 02:08:13PM -0600, Anthony Liguori wrote:
> On 11/09/2010 04:51 AM, Markus Armbruster wrote:
> >Gleb Natapov<address@hidden> writes:
> >
> >>On Tue, Nov 09, 2010 at 11:16:43AM +0100, Markus Armbruster wrote:
> >>>Gleb Natapov<address@hidden> writes:
> >>>
> >>>>On Tue, Nov 09, 2010 at 10:30:54AM +0100, Markus Armbruster wrote:
> >>>>>Gleb Natapov<address@hidden> writes:
> >>>>>
> >>>>>>Properly check array bounds before accessing array element.
> >>>>>Impact?
> >>>>>
> >>>>Gapping security hole for those unfortunate enough to use usb-net?
> >>>Doesn't that bit of information belong in the commit message.
> >>>
> >>Some people prefer not to put such information into commit message.
> >Correct, but does "some people" include the QEMU maintainers? Anthony?
>
> I don't have a strong opinion either way. If there's a CVE, I'd
> prefer the CVE number was prominent in the commit log but other than
> that, I'd leave it to the author's discretion.
>
No CVE. Please apply as is.
--
Gleb.
Re: [Qemu-devel] [PATCH] Out off array access in usb-net, Anthony Liguori, 2010/11/16