From: Anthony Liguori
Date: Tue, 07 May 2013 21:03:29 -0500
Subject: Re: [Qemu-devel] [PATCH] qga: set umask 0077 when daemonizing (CVE-2013-2007)
To: qemu-devel@nongnu.org, eblake@redhat.com, Laszlo Ersek
Message-ID: <87fvxyut1q.fsf@codemonkey.ws>
In-Reply-To: <201305071849.r47Inega012585@d23av03.au.ibm.com>
References: <201305071849.r47Inega012585@d23av03.au.ibm.com>

Anthony Liguori writes:

> Applied. Thanks.

Hi,

This was an automated response so it doesn't acknowledge the fact that since this was a CVE, I applied the original patch regardless of review feedback to avoid any confusion about whether the CVE has been addressed.

In the past, we've modified the patches published with CVEs because of feedback on the list and this creates tremendous confusion. This even resulted in a distro including an incorrect patch because they mistakenly thought a CVE wasn't addressed.

Please do review and provide feedback for this patch and we'll incorporate that in follow-ups as Laszlo has already done.

And as usual, thanks to everyone involved in reporting, reviewing, and coordinating the handling of this CVE!

Regards,

Anthony Liguori

>
> Regards,
>
> Anthony Liguori