From: "Daniel P. Berrange" <berrange@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>,
	QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames
Date: Thu, 9 Apr 2015 15:12:15 +0100
Message-ID: <20150409141215.GC28535@redhat.com>
In-Reply-To: <CAFEAcA_XhaNO6vOJw3NDFxLNpZWgoM334-oeUnLNnfom9CsShQ@mail.gmail.com>

On Wed, Apr 01, 2015 at 02:41:57PM +0100, Peter Maydell wrote:
> On 1 April 2015 at 14:36, Gerd Hoffmann <kraxel@redhat.com> wrote:
> > Confirmed.  Fixes the issues I've seen in testing and looks sensible to
> > me.  Comment from Daniel would be nice, especially as I know next to
> > nothing about websockets, but he seems to be off into the Easter
> > holidays already.
> >
> > So, with -rc2 waiting for this (and being late already) I think I'll
> > squash in the incremental fix and prepare a pull request even without
> > Daniel's ack ...
> 
> Yes, that seems best. Given that this is a CVE fix can you
> make sure the change is called out clearly in the commit
> message so it's easy for downstreams to see which version
> of the fix they have applied? Might be worth including the
> fixup-diff in the commit message...

Yes, that fix looks correct to me too, thanks for figuring that out.

Sorry for not responding before - I've been off on paternity leave
for several weeks and am only just catching up.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

Thread overview: 10+ messages
2015-03-23 22:58 [Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets Daniel P. Berrange
2015-03-23 22:58 ` [Qemu-devel] [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames Daniel P. Berrange
2015-03-31 17:42   ` Peter Maydell
2015-04-01 13:36     ` Gerd Hoffmann
2015-04-01 13:41       ` Peter Maydell
2015-04-09 14:12         ` Daniel P. Berrange [this message]
2015-03-31 18:01   ` Peter Maydell
2015-03-23 22:58 ` [Qemu-devel] [PATCH 2/2] CVE-2015-1779: limit size of HTTP headers from websockets clients Daniel P. Berrange
2015-03-24 15:51 ` [Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets Gerd Hoffmann
2015-03-31  9:17   ` Peter Maydell
