Comment 27 for bug 1524274
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: Unprivileged api user can access host data using instance snapshot | #27 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
Thanks Matthew, nova-coresec, please review proposed patch.
I'd like to request a CVE now with the proposed impact description in #21 since it's good enough for both issues (snapshot and live-snapshot).
If patches are approved by Monday morning (before 1500UTC), this could be disclosed the following Thursday:
2015-12-17, 1500 UTC
If patches are approved by Thursday, this would need to wait another week and could be disclosed the following Tuesday:
2015-12-22, 1500 UTC
This second date is not really ideal since it's dangerously close to Christmas holidays...