On Tue, Nov 16, 2010 at 02:08:13PM -0600, Anthony Liguori wrote:
> On 11/09/2010 04:51 AM, Markus Armbruster wrote:
> >Gleb Natapov<g...@redhat.com> writes:
> >
> >>On Tue, Nov 09, 2010 at 11:16:43AM +0100, Markus Armbruster wrote:
> >>>Gleb Natapov<g...@redhat.com> writes:
> >>>
> >>>>On Tue, Nov 09, 2010 at 10:30:54AM +0100, Markus Armbruster wrote:
> >>>>>Gleb Natapov<g...@redhat.com> writes:
> >>>>>
> >>>>>>Properly check array bounds before accessing array element.
> >>>>>Impact?
> >>>>>
> >>>>Gapping security hole for those unfortunate enough to use usb-net?
> >>>Doesn't that bit of information belong in the commit message.
> >>>
> >>Some people prefer not to put such information into commit message.
> >Correct, but does "some people" include the QEMU maintainers? Anthony?
>
> I don't have a strong opinion either way. If there's a CVE, I'd
> prefer the CVE number was prominent in the commit log but other than
> that, I'd leave it to the author's discretion.
>
No CVE. Please apply as is.
--
Gleb.
