[PATCH] NEWS: mention CVE-2020-25637 in v6.8.0 release notes

--- NEWS.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index de46cac8c5..f6074d9fe8 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -27,6 +27,14 @@ v6.9.0 (unreleased) v6.8.0 (2020-10-01) =================== +* **Security** + + * qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c + + Clients connecting to the read-write socket with limited ACL permissions + may be able to crash the libvirt daemon, resulting in a denial of service, + or potentially escalate their privileges on the system. CVE-2020-25637. + * **New features** * xen: Add ``writeFiltering`` attribute for PCI devices -- 2.26.2
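Review bot: In the new Security bullet under v6.8.0, the text describes the double free in qemuAgentGetInterfaces() and its impact but never says that this release fixes it, so a reader of the entry alone cannot tell whether v6.8.0 is the affected version or the fixed one. If v6.8.0 is the release that carries the fix, say so in the bullet, for example "qemu: fix double free in qemuAgentGetInterfaces() in qemu_agent.c". The message also has no body and no Signed-off-by line above the "---" separator.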

On a Friday in 2020, Mauro Matteo Cascella wrote:
---
A 'Signed-off-by' line to indicate your compliance with the Developer Certificate of Origin is required: https://libvirt.org/hacking.html#developer-certificate-of-origin
(You can reply to this thread with that line, no need to resend the patch)
NEWS.rst | 8 ++++++++ 1 file changed, 8 insertions(+)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano

Thanks for noticing. I actually followed the instructions at [1] and forgot to sign the commit. I will send another patch to add a reference on that page as well.

[1] https://libvirt.org/submitting-patches.html

Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>

On Fri, Oct 2, 2020 at 1:26 PM Ján Tomko <jtomko@redhat.com> wrote:
On a Friday in 2020, Mauro Matteo Cascella wrote:
---
A 'Signed-off-by' line to indicate your compliance with the Developer Certificate of Origin is required: https://libvirt.org/hacking.html#developer-certificate-of-origin
(You can reply to this thread with that line, no need to resend the patch)
NEWS.rst | 8 ++++++++ 1 file changed, 8 insertions(+)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano
-- Mauro Matteo Cascella, Red Hat Product Security 6F78 E20B 5935 928C F0A8 1A9D 4E55 23B8 BB34 10B0