On 20/05/2015 18:40, Don Slutz wrote:
> On 05/15/15 04:49, Ian Campbell wrote:
>> On Fri, 2015-05-15 at 00:42 +0100, Andrew Cooper wrote:
>>> On 15/05/2015 00:34, Don Slutz wrote:
>>>> This allows use of QEMU's VMware emulated video card
>>>>
>>>> Signed-off-by: Don Slutz <dsl...@verizon.com>
>>> Nack.
>>>
>>> Qemu-trad is currently has remote code execution vulnerabilities in its
>>> vmware vga model.  CVE-2014-3689 amongst others.
>> Maybe we should only be exposing this new functionality with the
>> qemu-upstream model?
>>
>> In general we've not been taking new development to -trad for some time.
>>
> I plan to go with the prevent usage of vga=vmware in
> device_model_version=qemu-xen-traditional
>
>    -Don Slutz

That is perfectly fine from my point of view.  (All I care about is not
exposing known RCEs)

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Reply via email to