14.09.2015 21:04, John Snow wrote: > On 09/11/2015 02:56 AM, Michael Tokarev wrote: >> 09.09.2015 19:28, John Snow wrote: >>> We're a little too lenient with what we'll let an ATAPI drive handle. >>> Clamp down on the IDE command execution table to remove CD_OK permissions >>> from commands that are not and have never been ATAPI commands. >> >> FWIW, this issue has been assigned CVE-2015-6855 identifier, which >> can be reflected in the commit message when applying. Since this >> issue has security impact, it might be a good idea to add >> >> Cc: qemu-sta...@nongnu.org > > I'm still awaiting review/acks, but would you like me to re-send this > patch to trivial, or just fwd/reply-to?
I think it is anything but trivial ;) Well, the semantics is trivial, but it isn't -trivial material per se. I suggested add a Cc to qemu-stable, this can be done at commit, together with mentioning the CVE# assigned meanwhile, and I don't know who will commit it, Kevin? Thanks, /mjt
