I wrote: > I think I have discovered a vulnerability in qemu. It is related to > the block device drivers: that is, the backends which implement the > functionality offered to a guest via emulated block devices such as > the emulated IDE controller. Oops, it looks like I got the address wrong. I didn't intend to mail the public debian-security@d.o list but rather the private security team list. Too late now. Ian.