Comment 148 for bug 2004555

Revision history for this message
Jeremy Stanley (fungi) wrote : Re: Unauthorized volume access through deleted volume attachments (CVE-2023-2088)

A quick reminder: We're scheduled to make this information public at 15:00 UTC tomorrow (Wednesday, May 10). I'll be switching the bug report to Public Security a few minutes before that, so the devs involved can start pushing patches/backports into Gerrit at that time (I'll also comment on the bug letting everyone know to start). Once everything has been pushed to Gerrit, so that we know what the change URLs are for all of them, I can publish the advisory and accompanying security note to the security.openstack.org site and relevant mailing lists. Timely attention to getting those changes pushed is, therefore, greatly appreciated.