Comment 106 for bug 1996188
Revision history for this message
| Thomas Goirand (thomas-goirand) wrote Re: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) | #106 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
The Nova patch can be backported up to Ussuri (I tried...), though before, it's complicated, because oslo.util QemuImgInfo doesn't have a format_specific attribute. For it, we would need to backport this patch:
https:/
What does upstream recommend? Should we also patch oslo.utils? Or get that information somehow, in another way in Nova? FYI, I'll try backporting the above patch and see how it goes...