Glance

  1. Bug #1996188
  2. Comment #88

Comment 88 for bug 1996188

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote : Re: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)

Cinder update: the parent patch mentioned in comment #86 has been approved in all relevant branches and is slowly making its way through the gates:
https://review.opendev.org/q/topic:qemu-img-info-json

I tested the current cinder-1996188-zed.patch attached to this bug and it applies cleanly to the current HEAD of stable/zed. I will test the others as they merge.