Comment 48 for bug 2071734

Thomas Goirand (thomas-goirand) wrote : Re: Regression VMDK/qcow arbitrary file access (CVE-2024-40767)

Hi.

Thanks Jeremy for the new CVE number. That's indeed easier to manage for everyone.

Thanks Sean and Dan for the work and patches. FYI, I have been able to apply it from Antelope to Caracal, and could also build backports from Victoria to Zed, without any regression when running unit tests at package build time.

I still have to run functional tempest testing with my nested-virtualized-PoC [1] (under both Victoria and Zed, as they are respectively the versions in Bullseye and Bookworm), though so far it's looking good. :)

Cheers,

Thomas Goirand (zigo)

[1] https://salsa.debian.org/openstack-team/debian/openstack-cluster-installer#using-oci-poc-package-for-fun-and-profit