On Sat, Apr 12, 2014 at 06:50:49PM +0100, Peter Maydell wrote:
> On 12 April 2014 18:48, Michael S. Tsirkin <m...@redhat.com> wrote:
> > On Sat, Apr 12, 2014 at 12:48:41PM +0400, Michael Tokarev wrote:
> >> 11.04.2014 21:37, Peter Maydell wrote:
> >> >  * vmxnet3 patches
> >>
> >> I think this is not dangerous to go in before 2.0.  We wont have more
> >> testing even if it were applied much earlier, because this device is
> >> rather exotic in qemu world and isn't used often.  On the other hand,
> >> having less CVE IDs for a release is good, in my opinion.
> >
> > The CVE in question deal with malicious state loading.
> 
> I meant patches 1 and 2; I agree that the malicious state loading
> fixes are not interesting for 2.0.
> 
> thanks
> -- PMM

Yes, I agree with these ones.


Reply via email to