Comment 305 for bug 2059809
Revision history for this message
| sean mooney (sean-k-mooney) wrote | #305 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
thanks for letting use know iso is not covered.
if other have edgecase that are allow but are vulnerable please do not add them as a comment to this bug.
iso are not currently accepted so by lack of support the vulnerability to having qcow in the system area
however if the format inspector was passing that this would have been a disclosure of an unpatched security bug...
if operators or disto maintianer find new issues in this space file a private security bug and reference this bug in the description so that we can assees the impact and handle it appropriately.
I'll start working on the iso inspector but for distos that have already released the current fix we will have to work on another full cve release and testing cycle for all supported releases.
this will be one additional patch on top of each series for each project to minimise impact