On 09/11/2015 02:56 AM, Michael Tokarev wrote: > 09.09.2015 19:28, John Snow wrote: >> We're a little too lenient with what we'll let an ATAPI drive handle. >> Clamp down on the IDE command execution table to remove CD_OK permissions >> from commands that are not and have never been ATAPI commands. > > FWIW, this issue has been assigned CVE-2015-6855 identifier, which > can be reflected in the commit message when applying. Since this > issue has security impact, it might be a good idea to add > > Cc: qemu-sta...@nongnu.org > > Thanks, > > /mjt >
I'm still awaiting review/acks, but would you like me to re-send this patch to trivial, or just fwd/reply-to? Thanks, --js
