Date: Tue, 16 Nov 2010 22:14:55 +0200
From: Gleb Natapov
Subject: Re: [Qemu-devel] [PATCH] Out off array access in usb-net
Message-ID: <20101116201455.GB27851@redhat.com>
References: <20101109073653.GF9036@redhat.com> <20101109093901.GM9036@redhat.com> <20101109103422.GN9036@redhat.com> <4CE2E4AD.2040302@codemonkey.ws>
In-Reply-To: <4CE2E4AD.2040302@codemonkey.ws>
To: Anthony Liguori
Cc: Markus Armbruster, qemu-devel@nongnu.org

On Tue, Nov 16, 2010 at 02:08:13PM -0600, Anthony Liguori wrote:
> On 11/09/2010 04:51 AM, Markus Armbruster wrote:
> >Gleb Natapov writes:
> >
> >>On Tue, Nov 09, 2010 at 11:16:43AM +0100, Markus Armbruster wrote:
> >>>Gleb Natapov writes:
> >>>
> >>>>On Tue, Nov 09, 2010 at 10:30:54AM +0100, Markus Armbruster wrote:
> >>>>>Gleb Natapov writes:
> >>>>>
> >>>>>>Properly check array bounds before accessing array element.
> >>>>>Impact?
> >>>>>
> >>>>Gaping security hole for those unfortunate enough to use usb-net?
> >>>Doesn't that bit of information belong in the commit message?
> >>>
> >>Some people prefer not to put such information into commit message.
> >Correct, but does "some people" include the QEMU maintainers? Anthony?
>
> I don't have a strong opinion either way. If there's a CVE, I'd
> prefer the CVE number was prominent in the commit log but other than
> that, I'd leave it to the author's discretion.
>
No CVE. Please apply as is.

--
Gleb.