
Re: [Xen-devel] [PATCH v10 01/10] tools: Add vga=vmware



On 20/05/2015 18:40, Don Slutz wrote:
> On 05/15/15 04:49, Ian Campbell wrote:
>> On Fri, 2015-05-15 at 00:42 +0100, Andrew Cooper wrote:
>>> On 15/05/2015 00:34, Don Slutz wrote:
>>>> This allows use of QEMU's VMware emulated video card
>>>>
>>>> Signed-off-by: Don Slutz <dslutz@xxxxxxxxxxx>
>>> Nack.
>>>
>>> Qemu-trad currently has remote code execution vulnerabilities in its
>>> vmware vga model.  CVE-2014-3689 amongst others.
>> Maybe we should only be exposing this new functionality with the
>> qemu-upstream model?
>>
>> In general we've not been taking new development to -trad for some time.
>>
> I plan to go with preventing usage of vga=vmware in
> device_model_version=qemu-xen-traditional
>
>    -Don Slutz

That is perfectly fine from my point of view.  (All I care about is not
exposing known RCEs)

~Andrew
