Comment 105 for bug 2059809
Revision history for this message
| Sylvain Bauza (sylvain-bauza) wrote Re: Arbitrary file access through QCOW2 external data file | #105 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
I just discussed with Dan. As he just explained, even if the default format inspector won't check that it's another format but RAW, nova will know treat it as RAW and fail accordingly so we should be fine.
I also agreed on the Glance proposal he explained above (detecting the format in the upload pipeline) but for the sake of this CVE, this would only be an improvement and not be part of the CVE resolution.