Comment 231 for bug 2059809
Revision history for this message
| Dan Smith (danms) wrote Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498) | #231 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
I'm adding this for Zigo, but it may help other people. It's a very minimal squashed set of patches to get format_inspector into glance for older versions which would require tons of backports to make clean. It's applied against roughly train timeframe.
I'm adding this as a file not a patch, so use at your discretion (or as a guide). It has not gone through our testing yet, only unit tests. It doesn't bring all the testing for format_inspector (like we're doing for nova and cinder) but does bring the tests that confirms glance uses it properly.