Comment 15 for bug 1524274
Revision history for this message
| Matthew Booth (mbooth-9) wrote Re: Unprivileged api user can access host data using instance snapshot | #15 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Nikola,
I figured that while the 2 issues are technically separate, though, the exploit and impact is essentially identical. i.e. from a user and patching pov, they're the same thing. In particular, I'd worry about producing 2 very similar CVEs with the same impact and exploit, but with different sets of affected users. The potential outcome of that is that somebody might mix them up and not patch, whereas in practice almost everybody has to patch.
However, I'm not sufficiently familiar with the process to know whether 2 bugs or 1 handles this better. I'm happy to create a second bug for the convert_image issue if that's more useful. I'll continue treating them as 1 issue until somebody better informed tells me otherwise.