From: Peter Maydell <peter.maydell@linaro.org>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames
Date: Wed, 1 Apr 2015 14:41:57 +0100 [thread overview]
Message-ID: <CAFEAcA_XhaNO6vOJw3NDFxLNpZWgoM334-oeUnLNnfom9CsShQ@mail.gmail.com> (raw)
In-Reply-To: <1427895415.6445.8.camel@nilsson.home.kraxel.org>
On 1 April 2015 at 14:36, Gerd Hoffmann <kraxel@redhat.com> wrote:
> Confirmed. Fixes the issues I've seen in testing and looks sensible to
> me. Comment from Daniel would be nice, especially as I know next to
> nothing about websockets, but he seems to be off into the easter
> holidays already.
>
> So, with -rc2 waiting for this (and being late already) I think I'll
> squash in the incremental fix and prepare a pull request even without
> Daniels ack ...
Yes, that seems best. Given that this is a CVE fix can you
make sure the change is called out clearly in the commit
message so it's easy for downstreams to see which version
of the fix they have applied? Might be worth including the
fixup-diff in the commit message...
thanks
-- PMM
next prev parent reply other threads:[~2015-04-01 13:42 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-23 22:58 [Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets Daniel P. Berrange
2015-03-23 22:58 ` [Qemu-devel] [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames Daniel P. Berrange
2015-03-31 17:42 ` Peter Maydell
2015-04-01 13:36 ` Gerd Hoffmann
2015-04-01 13:41 ` Peter Maydell [this message]
2015-04-09 14:12 ` Daniel P. Berrange
2015-03-31 18:01 ` Peter Maydell
2015-03-23 22:58 ` [Qemu-devel] [PATCH 2/2] CVE-2015-1779: limit size of HTTP headers from websockets clients Daniel P. Berrange
2015-03-24 15:51 ` [Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets Gerd Hoffmann
2015-03-31 9:17 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFEAcA_XhaNO6vOJw3NDFxLNpZWgoM334-oeUnLNnfom9CsShQ@mail.gmail.com \
--to=peter.maydell@linaro.org \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).