Comment 9 for bug 1699573

Revision history for this message
Jeremy Stanley (fungi) wrote :

Given that the proposed fix seems like it's taking a non-backportable route, I'm going to mark the security advisory task as won't fix citing report class B1 or maybe C2 per the OpenStack VMT's report taxonomy: https://security.openstack.org/vmt-process.html#incident-report-taxonomy (which class it is depends on whether you view the cinder patch as a vulnerability fix or merely a workaround for a vulnerability in the vendor's device).