Comment 89 for bug 1996188

Brian Rosmaita (brian-rosmaita) wrote : Re: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)

All cinder-1996188-* patches from zed through wallaby apply cleanly to the current stable branches.

I'm attaching a victoria patch for review. We hit an issue in cinder victoria that requires either a change in requirements.txt or a code adjustment [0]. Preliminary discussion with the release team was that upping the min in requirements would ordinarily be allowed for a security issue, but not for a branch like victoria in maintenance Phase 2 [1].

Since my intent is to backport this as far as train, where using oslo.utils 4.1.0 is out of the question because 4.1.0 doesn't support py27, whereas train does, and thus we'd have to do the code adjustment there in any case, I chose to take the code adjustment path in victoria.

The victoria patch should backport fairly cleanly to ussuri, and cleanly from there to train. So I'll wait to post the ussuri and train patches until people have had time to review the victoria patch.

[0] https://review.opendev.org/c/openstack/cinder/+/870020/1#message-f6bb2e8c8a41910194711d4a8154bc56b398dba2
[1] https://meetings.opendev.org/irclogs/%23openstack-release/%23openstack-release.2023-01-12.log.html#t2023-01-12T16:28:53