@fungi, https://review.openstack.org/#/c/521662/ only goes back to stable/pike.
This other change, https://review.openstack.org/#/c/521186/, is what's going to go as far back as the fix for bug 1664931 (the original CVE that introduced the regressions laid out in this bug).
I think we're going to go forward with https://review.openstack.org/#/c/521186/ so we can get the backports started since we have to get those to stable/newton while it's still around upstream. What needs to happen for the errata on CVE-2017-16239?
So to recap:
1. https://review.openstack.org/#/c/521186/ and https://review.openstack.org/#/c/521391/ are fixes for regressions introduced by the fix for CVE-2017-16239 and are errata for that CVE, and need to get backported to stable/newton upstream.
2. https://review.openstack.org/#/c/521662/ is the fix for this new CVE and only goes back to stable/pike.