On Tue, 1 Dec 2020 at 15:28, Philippe Mathieu-Daudé <phi...@redhat.com> wrote: > About reproducer, Michael asked about CVE-2020-24352 (ati_vga OOB in > ati_2d_blt) this morning. What happens to reproducers when a CVE is > assigned, but the bug is marked as "out of the QEMU security boundary"?
Also, why are we assigning CVEs for bugs we don't consider security bugs? thanks -- PMM
