Comment 41 for bug 1524274
Revision history for this message
| Matthew Booth (mbooth-9) wrote Re: Unprivileged api user can access host data using instance snapshot (CVE-2015-7548) | #41 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
Backports look good to me. I've inspected them, and run pep8 and unit tests against all of them individually (kilo and liberty). I haven't tested them in a complete working system, though, or run tempest against them.
The only comment I would make is that ideally the cherry-pick line would either refer to an actual upstream commit, or be omitted. Right now it refers to something in your local tree. It might be simpler just to omit it, or to frig the commit messages after it actually lands on upstream master. However, this is a minor point, and shouldn't hold anything up.