[openstack-announce] [OSSA-2023-002] Cinder, Glance, Nova: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)
Jeremy Stanley
fungi at yuggoth.org
Wed Feb 1 20:38:06 UTC 2023
On 2023-02-01 21:15:34 +0100 (+0100), Thomas Goirand wrote:
[...]
> I hope all Debian users appreciate the amount of work I've put
> into this, and hope this will get more traction to Debian, knowing
> we are now engaged in a 5 years support.
[...]
That's awesome news! Thanks for being so thorough with security
fixes.
I'm also still keen to reignite discussions on the spi-general ML
about having Debian (or SPI on Debian's behalf) as an Associate
Member of the OpenInfra Foundation so that we can more easily
justify joint marketing efforts, but now that I'm on the SPI board
of directors I have a clear conflict of interest and can't really
drive that conversation. I'm hoping we can find more official Debian
Developers to chime in on the discussion this time, so am eager to
hear from anyone willing to help with that effort.
--
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230201/107474a5/attachment.sig>
More information about the openstack-discuss
mailing list