Comment 23 for bug 1998625

Tim Burke (1-tim-z) wrote: Re: Arbitrary file access through custom S3 XML entities (CVE-2022-47950)

Updated the patch to include a reference to the now-assigned CVE.

The one patch applies cleanly to stable/wallaby and later. For earlier branches, it should be fairly easy to cherry-pick; it's simple context differences for stable/train through stable/victoria, and a minor unit test conflict for stable/rocky and stable/stein.

Recently checked on the stable gates, too -- we should be able to merge patches at least as far back as stein without too much difficulty.

Matt, Alistair, Clay, can I get some reviews on the newest patch?

Jeremy, have we sent the advance notice already, or are we waiting on reviews? FWIW, the only feedback I expect would be with regard to testing -- the crux of the issue is the one-line change in swift/common/middleware/s3api/etree.py.
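The comment does not show the one-line change itself, so the following is an added illustration of the general mitigation class for this bug, not Swift's patch and not code from the s3api middleware: a pre-parse pass that refuses any document declaring its own XML entities before the body is handed to a real parser. The function names, the error class and the sample request bodies are constructed for this example; the stdlib `xml.parsers.expat` and `xml.etree.ElementTree` APIs are real.

```python
"""Defender-side check: refuse XML request bodies that declare entities.

Added example; it is not the project's fix. It uses only the Python
standard library so it runs offline.
"""
import xml.parsers.expat
from xml.etree import ElementTree as ET


class EntityDeclarationError(ValueError):
    """Raised when an untrusted XML document declares its own entities."""


def reject_entity_declarations(data: bytes) -> None:
    """Run a fast expat pass that aborts on the first <!ENTITY ...> declaration.

    Internal entities (expansion bombs), external entities (file or URL
    fetches) and parameter entities all reach expat's EntityDeclHandler at
    the point of declaration, before any reference is expanded, so raising
    there stops the document from being processed any further.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_parameter_entity, value, base,
                       system_id, public_id, notation_name):
        if is_parameter_entity:
            kind = "parameter"
        elif system_id is not None:
            kind = "external"
        else:
            kind = "internal"
        raise EntityDeclarationError(
            f"refusing XML with {kind} entity declaration {name!r}")

    parser.EntityDeclHandler = on_entity_decl
    # Any well-formedness problem surfaces here as xml.parsers.expat.ExpatError.
    parser.Parse(data, True)


def is_safe_to_parse(data: bytes) -> bool:
    """True if the body declares no entities, False if it does."""
    try:
        reject_entity_declarations(data)
    except EntityDeclarationError:
        return False
    return True


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse a request body only after the entity-declaration check passes."""
    reject_entity_declarations(data)
    return ET.fromstring(data)


# Constructed sample bodies (not taken from any real request).
BENIGN_BODY = (b'<?xml version="1.0"?>'
               b'<CompleteMultipartUpload><Part><PartNumber>1</PartNumber>'
               b'</Part></CompleteMultipartUpload>')

# Declares a harmless internal entity; a plain ElementTree.fromstring()
# silently expands it, which is the behaviour the check is there to stop.
ENTITY_BODY = (b'<?xml version="1.0"?>'
               b'<!DOCTYPE r [<!ENTITY e "constructed-internal-entity">]>'
               b'<r>&e;</r>')


def unchecked_root_text(data: bytes) -> str:
    """What the stdlib parser yields with no pre-check (for comparison only)."""
    return ET.fromstring(data).text


if __name__ == "__main__":
    print("benign accepted:", is_safe_to_parse(BENIGN_BODY))
    print("entity body accepted:", is_safe_to_parse(ENTITY_BODY))
    print("unchecked expansion:", unchecked_root_text(ENTITY_BODY))
```

The check runs before the body reaches the application parser, so it also protects any parser configuration further down the stack that happens to resolve entities; the comparison function shows why that matters, since the stock `ElementTree.fromstring` expands the declared entity without complaint.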