From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57051)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1YgDBv-0000Pm-31
	for qemu-devel@nongnu.org; Thu, 09 Apr 2015 10:12:24 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1YgDBt-0004wJ-P0
	for qemu-devel@nongnu.org; Thu, 09 Apr 2015 10:12:23 -0400
Received: from mx1.redhat.com ([209.132.183.28]:58317)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1YgDBt-0004w1-ID
	for qemu-devel@nongnu.org; Thu, 09 Apr 2015 10:12:21 -0400
Date: Thu, 9 Apr 2015 15:12:15 +0100
From: "Daniel P. Berrange" <berrange@redhat.com>
Message-ID: <20150409141215.GC28535@redhat.com>
References: <1427151502-14386-1-git-send-email-berrange@redhat.com>
	<1427151502-14386-2-git-send-email-berrange@redhat.com>
	<CAFEAcA_o109BTHjDyoKMYUxjboGgzyu3TU9a5854m=Ymygbnbw@mail.gmail.com>
	<1427895415.6445.8.camel@nilsson.home.kraxel.org>
	<CAFEAcA_XhaNO6vOJw3NDFxLNpZWgoM334-oeUnLNnfom9CsShQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CAFEAcA_XhaNO6vOJw3NDFxLNpZWgoM334-oeUnLNnfom9CsShQ@mail.gmail.com>
Subject: Re: [Qemu-devel] [PATCH 1/2] CVE-2015-1779: incrementally decode
 websocket frames
Reply-To: "Daniel P. Berrange" <berrange@redhat.com>
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>, QEMU Developers <qemu-devel@nongnu.org>

On Wed, Apr 01, 2015 at 02:41:57PM +0100, Peter Maydell wrote:
> On 1 April 2015 at 14:36, Gerd Hoffmann <kraxel@redhat.com> wrote:
> > Confirmed.  Fixes the issues I've seen in testing and looks sensible to
> > me.  Comment from Daniel would be nice, especially as I know next to
> > nothing about websockets, but he seems to be off into the easter
> > holidays already.
> >
> > So, with -rc2 waiting for this (and being late already) I think I'll
> > squash in the incremental fix and prepare a pull request even without
> > Daniels ack ...
> 
> Yes, that seems best. Given that this is a CVE fix can you
> make sure the change is called out clearly in the commit
> message so it's easy for downstreams to see which version
> of the fix they have applied? Might be worth including the
> fixup-diff in the commit message...

Yes, that fix looks correct to me too, thanks for figuring that out.

Sorry for not responding before - I've been off on paternity leave
for several weeks and only just catching up.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|