Message-ID: <aZSaoplaTUjwzRM_@yuggoth.org>
Date: Tue, 17 Feb 2026 16:43:14 +0000
From: Jeremy Stanley <fungi@...goth.org>
To: oss-security@...ts.openwall.com
Subject: Re: [OSSA-2026-002] OpenStack Nova: calls qemu-img
 without format restrictions for resize (CVE-2026-24708)

On 2026-02-17 17:10:27 +0100 (+0100), Salvatore Bonaccorso wrote:
[...]
> Just a small heads-up: The title mentions CVE-2026-24708, but the mail
> body once CVE-2026-24708 and refers to CVE-2026-24709. My
> understanding is that CVE-2026-24708 should be the correct one as this
> was the CVE originally mentioned.
>
> Jeremy, can you confirm: CVE-2026-2470*8* is the one to use?

Thanks for catching that! It slipped through code review, we should 
probably redesign our metadata to not need repetition of the CVE ID.

You are correct, CVE-2026-24708 is the identifier MITRE assigned. 
I'll issue errata shortly revising the publication accordingly. 
Thanks again!
-- 
Jeremy Stanley
OpenStack Vulnerability Management Team
https://security.openstack.org/vmt.html
