On Sat, Apr 12, 2014 at 06:50:49PM +0100, Peter Maydell wrote:
> On 12 April 2014 18:48, Michael S. Tsirkin <m...@redhat.com> wrote:
> > On Sat, Apr 12, 2014 at 12:48:41PM +0400, Michael Tokarev wrote:
> >> 11.04.2014 21:37, Peter Maydell wrote:
> >> > * vmxnet3 patches
> >>
> >> I think this is not dangerous to go in before 2.0. We won't have more
> >> testing even if it were applied much earlier, because this device is
> >> rather exotic in qemu world and isn't used often. On the other hand,
> >> having less CVE IDs for a release is good, in my opinion.
> >
> > The CVE in question deal with malicious state loading.
>
> I meant patches 1 and 2; I agree that the malicious state loading
> fixes are not interesting for 2.0.
>
> thanks
> -- PMM

Yes, I agree with these ones.