From: Mauro Matteo Cascella Date: Fri, 2 Oct 2020 11:09:35 +0000 (+0200) Subject: NEWS: mention CVE-2020-25637 in v6.8.0 release notes X-Git-Tag: v6.9.0-rc1~396 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fdb6a5d79eb35a814d72c002ff451aa788b03851;p=thirdparty%2Flibvirt.git NEWS: mention CVE-2020-25637 in v6.8.0 release notes Signed-off-by: Mauro Matteo Cascella Reviewed-by: Ján Tomko --- diff --git a/NEWS.rst b/NEWS.rst index de46cac8c5..f6074d9fe8 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -27,6 +27,14 @@ v6.9.0 (unreleased) v6.8.0 (2020-10-01) =================== +* **Security** + + * qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c + + Clients connecting to the read-write socket with limited ACL permissions + may be able to crash the libvirt daemon, resulting in a denial of service, + or potentially escalate their privileges on the system. CVE-2020-25637. + * **New features** * xen: Add ``writeFiltering`` attribute for PCI devices
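Review bot: In the new **Security** item under v6.8.0 in NEWS.rst, the paragraph states the impact (daemon crash, possible privilege escalation) but never says whether this release contains the fix, and the CVE id is left as a bare trailing fragment ("CVE-2020-25637."). A reader scanning the release notes cannot tell from this text alone whether 6.8.0 is the affected or the fixed version. If 6.8.0 carries the fix, say so explicitly in the entry, and consider moving the id into the item title next to qemuAgentGetInterfaces() so it is found when searching the file for the CVE. The phrase "read-write socket with limited ACL permissions" would also be easier to act on if it named the permission or public API that reaches this function, so administrators can check which ACL rules expose them.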