Comment 82 for bug 1996188

Jeremy Stanley (fungi) wrote : Re: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)

With Dan's additional clean stable/xena backport in comment #81 I think I have everything I need to schedule the advisory. I'll plan to send advance notification to downstream stakeholders with a copy of all the patches I listed in comment #80 plus the added one from #81 on Thursday, January 12, with the expectation of full publication of the advisory and pushing patches for public review at 15:00 UTC on Thursday, January 19. That gives a full 5 business days, the maximum our advisory process allows us, for package maintainers and operators to prepare updated versions.

If anyone objects to the proposed timeline, please comment on this bug report before Thursday of this week (I know this is tight timing, but the sooner it's done the better). Thanks!