That all said, the scope of the libvirt / qemu bug was a local user information leak.
If Nova turns that compute-node local info leak, into a remote user information leak by publicizing the error message somewhere, that could be considered a genuinely new security bug in nova.
That all said, the scope of the libvirt / qemu bug was a local user information leak.
If Nova turns that compute-node local info leak, into a remote user information leak by publicizing the error message somewhere, that could be considered a genuinely new security bug in nova.