On 12 April 2014 18:48, Michael S. Tsirkin <m...@redhat.com> wrote:
> On Sat, Apr 12, 2014 at 12:48:41PM +0400, Michael Tokarev wrote:
>> 11.04.2014 21:37, Peter Maydell wrote:
>> > * vmxnet3 patches
>>
>> I think this is not dangerous to go in before 2.0. We won't have more
>> testing even if it were applied much earlier, because this device is
>> rather exotic in qemu world and isn't used often. On the other hand,
>> having less CVE IDs for a release is good, in my opinion.
>
> The CVE in question deal with malicious state loading.

I meant patches 1 and 2; I agree that the malicious state loading
fixes are not interesting for 2.0.

thanks
-- PMM