On 12/11/2014 03:40 AM, Martin Kletzander wrote:
>> I can help with the security notices, as we have several other CVEs that
>> will also be plugged in time for 1.2.11.
>>
>
> That would be great. Just to complete this info, there's one
> additional patch that's needed for this CVE fix to be comp
On Wed, Dec 10, 2014 at 10:18:08AM -0700, Eric Blake wrote:
On 12/10/2014 01:25 AM, Martin Kletzander wrote:
When user doesn't have read access on one of the domains he requested,
the for loop could exit abruptly or continue and override pointer which
pointed to locked object.
This patch fixed
On 12/10/2014 01:25 AM, Martin Kletzander wrote:
> When user doesn't have read access on one of the domains he requested,
> the for loop could exit abruptly or continue and override pointer which
> pointed to locked object.
>
> This patch fixed two issues at once. One is that domflags might have
When user doesn't have read access on one of the domains he requested,
the for loop could exit abruptly or continue and override pointer which
pointed to locked object.
This patch fixed two issues at once. One is that domflags might have
had QEMU_DOMAIN_STATS_HAVE_JOB even when there was no job s