Comment 86 for bug 2059809
Revision history for this message
| Brian Rosmaita (brian-rosmaita) wrote Re: Arbitrary file access through QCOW2 external data file | #86 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
OK, thanks, that gives me some more perspective. The QEMU maintainers agree that it's not safe to run 'qemu-img info' on an untrusted qcow2 with a data_file, which is exactly the topic of this LP bug/CVE, so I'll see what I can do to adapt Dan's nova patch to cinder.