OK, thanks, that gives me some more perspective. The QEMU maintainers agree that it's not safe to run 'qemu-img info' on an untrusted qcow2 with a data_file, which is exactly the topic of this LP bug/CVE, so I'll see what I can do to adapt Dan's nova patch to cinder.
OK, thanks, that gives me some more perspective. The QEMU maintainers agree that it's not safe to run 'qemu-img info' on an untrusted qcow2 with a data_file, which is exactly the topic of this LP bug/CVE, so I'll see what I can do to adapt Dan's nova patch to cinder.