git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
NEWS: mention CVE-2020-25637 in v6.8.0 release notes
author Mauro Matteo Cascella <mcascell@redhat.com>
Fri, 2 Oct 2020 11:09:35 +0000 (13:09 +0200)
committer Ján Tomko <jtomko@redhat.com>
Fri, 2 Oct 2020 15:35:41 +0000 (17:35 +0200)
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
NEWS.rst

index de46cac8c59d2be6bc590256ff1c67f6d68b2de0..f6074d9fe89999c841beb3be02eb8aee4ae79f92 100644 (file)
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -27,6 +27,14 @@ v6.9.0 (unreleased)
 v6.8.0 (2020-10-01)
 ===================
 
+* **Security**
+
+  * qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c
+
+    Clients connecting to the read-write socket with limited ACL permissions
+    may be able to crash the libvirt daemon, resulting in a denial of service,
+    or potentially escalate their privileges on the system. CVE-2020-25637.
+
 * **New features**
 
   * xen: Add ``writeFiltering`` attribute for PCI devices
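
Review bot: The new item title under **Security**, "qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c", names the defect but never says that v6.8.0 fixes it, so someone skimming the release notes could read it as a known open issue in this release. Wording the title as a fix (for example "qemu: fix double free in qemuAgentGetInterfaces()") would remove the ambiguity. The identifier also sits at the end of the paragraph as a bare fragment, "CVE-2020-25637."; putting it in the item title or in a full sentence would make it easier to find when searching the file for the CVE. The paragraph describes the impact (daemon crash, possible privilege escalation) but gives users no action to take; a short clause telling affected users to upgrade would complete the entry.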