[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] ide: fix ATAPI command permissions

From: Michael Tokarev
Subject: Re: [Qemu-devel] [PATCH] ide: fix ATAPI command permissions
Date: Fri, 11 Sep 2015 09:56:29 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.8.0

09.09.2015 19:28, John Snow wrote:
> We're a little too lenient with what we'll let an ATAPI drive handle.
> Clamp down on the IDE command execution table to remove CD_OK permissions
> from commands that are not and have never been ATAPI commands.

FWIW, this issue has been assigned CVE-2015-6855 identifier, which
can be reflected in the commit message when applying.  Since this
issue has security impact, it might be a good idea to add

Cc: address@hidden



reply via email to

[Prev in Thread] Current Thread [Next in Thread]