Ubuntu Cloud Archive

  1. Bug #2059809
  2. Comment #218

Comment 218 for bug 2059809

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote : Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498)

I have to update the cinder patch; the current one breaks the generic nfs driver (and probably some other drivers that are based on it). I will make my changes basesd on cinder-2059809-unified-master-v2.txt and will add Dan's QED format rejection code to it. I will name this patch as follows:
    cinder-2059809-unified-master-v7.patch
("v7" because at the rate people keep updating patches on this bug, there may already be a v3 by the time i finish typing this sentence)

As soon as that is posted, I will grab a cinder coresec for a review, and once it gets thumbs up, i will post backports.