24.08.2023 15:44, Philippe Mathieu-Daudé wrote: ..
This patch fixes CVE-2023-40360 ("QEMU: NVMe: NULL pointer dereference in nvme_directive_receive"). Were you aware of the security implications?Too bad we hadn't committed "Fixes: CVE-2023-40360" as that would have helped downstream distributions cherry-picking security fixes ASAP, since our stable is not that frequent.
https://tracker.debian.org/news/1455443/accepted-qemu-1804dfsg-2-source-into-unstable/ FWIW. /mjt
