+-- On Fri, 26 Oct 2018, Mark Kanda wrote --+
| Yes, please use that acknowledgement text in lieu of a 'Reported-by' line.
Okay, thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
On 10/26/2018 1:37 PM, P J P wrote:
+-- On Fri, 26 Oct 2018, Mark Kanda wrote --+
| Deja vu requested that we include the following text in the commit message:
|
| Discovered by Deja vu Security. Reported by Oracle.
|
| Would that be acceptable?
Generally an email-id is used/preferred in
+-- On Fri, 26 Oct 2018, Mark Kanda wrote --+
| Deja vu requested that we include the following text in the commit message:
|
| Discovered by Deja vu Security. Reported by Oracle.
|
| Would that be acceptable?
Generally an email-id is used/preferred in the commit log message. We could
On 10/26/2018 4:25 AM, P J P wrote:
+-- On Thu, 25 Oct 2018, Ameya More wrote --+
| While Mark and I reported this issue to you, it was actually discovered by
| Deja vu Security and they should receive credit for reporting this issue.
| http://www.dejavusecurity.com
I see; Would it be
+-- On Fri, 26 Oct 2018, Paolo Bonzini wrote --+
| > -int msg_len;
| > +uint8_t msg_len;
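Review bot: on the msg_len declaration, narrowing int to uint8_t rules out negative values but still admits any length up to 255, so the type change alone does not prevent the OOB access the commit message describes unless every value in that range is a valid length. Keep the explicit range check next to the use of msg_len, and state in the commit message why the type was changed from signed to unsigned.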
|
| Not wrong per se, but it's also not clear why it's needed. I understand
| that you want to switch from signed to unsigned, but it is not mentioned
| in the commit message.
Changed to uint8_t
+-- On Thu, 25 Oct 2018, Ameya More wrote --+
| While Mark and I reported this issue to you, it was actually discovered by
| Deja vu Security and they should receive credit for reporting this issue.
| http://www.dejavusecurity.com
I see; Would it be possible to share email-id of the original
On 25/10/2018 22:09, P J P wrote:
> From: Prasad J Pandit
>
> While writing a message in 'lsi_do_msgin', message length value
> in msg_len could be invalid, add check to avoid OOB access issue.
>
> Reported-by: Ameya More
> Signed-off-by: Prasad J Pandit
> ---
> hw/scsi/lsi53c895a.c | 9
Hi Prasad,
Thanks for following up on this. While Mark and I reported this issue to
you, it was actually discovered by Deja vu Security and they should
receive credit for reporting this issue.
http://www.dejavusecurity.com
Thanks,
Ameya
On 10/25/2018 03:09 PM, P J P wrote:
From: Prasad J
From: Prasad J Pandit
While writing a message in 'lsi_do_msgin', message length value
in msg_len could be invalid, add check to avoid OOB access issue.
Reported-by: Ameya More
Signed-off-by: Prasad J Pandit
---
hw/scsi/lsi53c895a.c | 9 ++---
1 file changed, 6 insertions(+), 3