mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-03 12:55:45 +00:00
NEWS: Mention security bug in storage pool object lookup (CVE-2021-3667)
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
This commit is contained in:
parent
d26efd8be9
commit
f379aabc74
9
NEWS.rst
9
NEWS.rst
@ -11,6 +11,15 @@ For a more fine-grained view, use the `git log`_.
|
||||
v7.6.0 (unreleased)
|
||||
===================
|
||||
|
||||
* **Security**
|
||||
|
||||
* storage: Unlock pool objects on ACL check failures in ``storagePoolLookupByTargetPath`` (CVE-2021-3667)
|
||||
|
||||
A logic bug in ``storagePoolLookupByTargetPath`` where the storage pool
|
||||
object was left locked after a failure of the ACL check could potentially
|
||||
deprive legitimate users access to a storage pool object by users who don't
|
||||
have access.
|
||||
|
||||
* **New features**
|
||||
|
||||
* qemu: Incremental backup support via ``virDomainBackupBegin``
|
||||
|
Loading…
Reference in New Issue
Block a user