On Mon, Jun 03, 2019 at 03:10:55PM +0200, Juergen Gross wrote: > On 03/06/2019 14:02, Ben Hutchings wrote: > > On Mon, 2019-06-03 at 10:00 +0200, Greg KH wrote: > >> On Thu, May 30, 2019 at 07:02:34PM -0700, Konrad Rzeszutek Wilk wrote: > >>> On 5/30/19 8:16 AM, Ben Hutchings wrote: > >>>> I'm looking at CVE-2015-8553 which is fixed by: > >>>> > >>>> commit 7681f31ec9cdacab4fd10570be924f2cef6669ba > >>>> Author: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> > >>>> Date: Wed Feb 13 18:21:31 2019 -0500 > >>>> > >>>> xen/pciback: Don't disable PCI_COMMAND on PCI device reset. > >>>> > >>>> I'm aware that this change is incompatible with qemu < 2.5, but that's > >>>> now quite old. Do you think it makes sense to apply this change to > >>>> some stable branches? > >>>> > >>>> Ben. > >>>> > >>> > >>> Hey Ben, > >>> > >>> <shrugs> My opinion is to drop it, but if Juergen thinks it makes sense to > >>> backport I am not going to argue. > >> > >> Ok, I've queued this up now, thanks. > > > > Juergen said: > > > >> I'm with Konrad here. > > > > so unless I'm very confused this should *not* be applied to stable > > branches. > > "should not" is a little bit hard. I didn't opt for adding it, but I > don't object to add it either (like Konrad :-) ). Ok, I've added it as it does fix a CVE, and if I don't, I'll get odd emails 6 months from now asking why I didn't include it... thanks, greg k-h