Message-ID: <4CE2E4AD.2040302@codemonkey.ws>
Date: Tue, 16 Nov 2010 14:08:13 -0600
From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH] Out off array access in usb-net
References: <20101109073653.GF9036@redhat.com> <20101109093901.GM9036@redhat.com> <20101109103422.GN9036@redhat.com>
To: Markus Armbruster
Cc: qemu-devel@nongnu.org, Gleb Natapov

On 11/09/2010 04:51 AM, Markus Armbruster wrote:
> Gleb Natapov writes:
>
>> On Tue, Nov 09, 2010 at 11:16:43AM +0100, Markus Armbruster wrote:
>>
>>> Gleb Natapov writes:
>>>
>>>> On Tue, Nov 09, 2010 at 10:30:54AM +0100, Markus Armbruster wrote:
>>>>
>>>>> Gleb Natapov writes:
>>>>>
>>>>>> Properly check array bounds before accessing array element.
>>>>>>
>>>>> Impact?
>>>>>
>>>> Gaping security hole for those unfortunate enough to use usb-net?
>>>>
>>> Doesn't that bit of information belong in the commit message?
>>>
>> Some people prefer not to put such information into commit message.
>>
> Correct, but does "some people" include the QEMU maintainers? Anthony?
>

I don't have a strong opinion either way.

If there's a CVE, I'd prefer the CVE number was prominent in the commit log but other than that, I'd leave it to the author's discretion.

Regards,

Anthony Liguori

> [...]