09.09.2015 19:28, John Snow wrote: > We're a little too lenient with what we'll let an ATAPI drive handle. > Clamp down on the IDE command execution table to remove CD_OK permissions > from commands that are not and have never been ATAPI commands.
FWIW, this issue has been assigned CVE-2015-6855 identifier, which can be reflected in the commit message when applying. Since this issue has security impact, it might be a good idea to add Cc: qemu-sta...@nongnu.org Thanks, /mjt
