Comment 98 for bug 2059809
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: Arbitrary file access through QCOW2 external data file | #98 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Thanks Dan. In earlier discussion with the QEMU developers, it wasn't clear whether they considered that behavior an actual security vulnerability or just a bug worth fixing, what their priority might be for backporting it to older QEMU releases, and what sort of timeframe we'd be looking at for downstream GNU/Linux LTS server distros to get those fixes into their respective packages. If they're just going to publicly announce there's a fix upstream in master and expect distros to eventually pick it up, that leaves many of our users in an unfortunate situation for a while, so being able to filter problem images without relying on calls to `qemu-img info` still sounds like the safer choice in the interim.