*** atmark is now known as Guest305 | 02:10 | |
rajiv | Hi, is there a fix for CVE-2022-4134? Online articles suggest it's in progress | 13:16 |
---|---|---|
croelandt | rajiv: this is https://wiki.openstack.org/wiki/OSSN/OSSN-0090 , right? I think the fix is the dual glance-api setup | 13:38 |
rajiv | yes, this is the mitigation : https://access.redhat.com/security/cve/CVE-2022-4134 ? | 13:41 |
rajiv | if show_multiple_locations is not enabled in my setup, I am exposed to this CVE, correct? | 13:42 |
croelandt | if it's not enabled, I think you are not affected | 13:45 |
rajiv | okay, docu says this flag is deprecated and removal from Newton release | 13:46 |
croelandt | yeah but it's unfortunately still there | 13:46 |
rajiv | https://docs.openstack.org/glance/yoga/configuration/glance_api.html#DEFAULT.show_multiple_locations | 13:46 |
rajiv | okay, thanks | 13:46 |
croelandt | should be removed once we have https://review.opendev.org/c/openstack/glance-specs/+/840882 | 13:46 |