|
From: | Paolo Bonzini |
Subject: | Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end |
Date: | Tue, 1 Dec 2020 16:42:32 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0 |
On 01/12/20 16:30, Peter Maydell wrote:
On Tue, 1 Dec 2020 at 15:28, Philippe Mathieu-Daudé <philmd@redhat.com> wrote:About reproducer, Michael asked about CVE-2020-24352 (ati_vga OOB in ati_2d_blt) this morning. What happens to reproducers when a CVE is assigned, but the bug is marked as "out of the QEMU security boundary"?Also, why are we assigning CVEs for bugs we don't consider security bugs?
Sometimes CVEs are requested by other entities even before reaching the QEMU security mailing list.
Paolo
[Prev in Thread] | Current Thread | [Next in Thread] |