On Tue, Nov 16, 2010 at 02:08:13PM -0600, Anthony Liguori wrote: > On 11/09/2010 04:51 AM, Markus Armbruster wrote: > >Gleb Natapov<g...@redhat.com> writes: > > > >>On Tue, Nov 09, 2010 at 11:16:43AM +0100, Markus Armbruster wrote: > >>>Gleb Natapov<g...@redhat.com> writes: > >>> > >>>>On Tue, Nov 09, 2010 at 10:30:54AM +0100, Markus Armbruster wrote: > >>>>>Gleb Natapov<g...@redhat.com> writes: > >>>>> > >>>>>>Properly check array bounds before accessing array element. > >>>>>Impact? > >>>>> > >>>>Gapping security hole for those unfortunate enough to use usb-net? > >>>Doesn't that bit of information belong in the commit message. > >>> > >>Some people prefer not to put such information into commit message. > >Correct, but does "some people" include the QEMU maintainers? Anthony? > > I don't have a strong opinion either way. If there's a CVE, I'd > prefer the CVE number was prominent in the commit log but other than > that, I'd leave it to the author's discretion. > No CVE. Please apply as is.
-- Gleb.