Comment 97 for bug 1996188
Revision history for this message
| Thomas Goirand (thomas-goirand) wrote Re: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) | #97 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
2eb648a
demo site
(Get the code!)
Hi,
FYI, in Debian, I intend to backport the patches on all versions from Rocky to Zed, taking a bit more attention for Rocky (which is in Buster, so Debian LTS) and Victoria (which is in Bullseye). The patches, especially the Nova one, are small enough so that backport looks doable. I'll attempt to do them myself, but I'd love if it could also be pushed on Gerrit on each individual branches.
I've read that RedHat still has customers on Queens. So probably it's going to be done there.
FYI, I already have a working Nova patch for Victoria, which I'm attaching.
Is there anything I should be aware when backporting before Victoria (and Train, since Glance goes up to there)?
Can we also somehow share the patches for older branches?
Your thoughts anyone?