Update documentation for CVE-2021-20286.
This commit is contained in:
Richard W.M. Jones
parent
4aff44eced
commit
654f8d029d
39
0001-security-Document-assignment-of-CVE-2021-20286.patch
Normal file
39
0001-security-Document-assignment-of-CVE-2021-20286.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From 40308a005eaa6b2e8f98da8952d0c0cacc51efde Mon Sep 17 00:00:00 2001
|
||||
From: Eric Blake <eblake@redhat.com>
|
||||
Date: Fri, 12 Mar 2021 17:00:58 -0600
|
||||
Subject: [PATCH] security: Document assignment of CVE-2021-20286
|
||||
|
||||
Now that we finally have a CVE number, it's time to document
|
||||
the problem (it's low severity, but still a denial of service).
|
||||
|
||||
Fixes: fb4440de9cc7 (opt_go: Tolerate unplanned server death)
|
||||
---
|
||||
docs/libnbd-security.pod | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod
|
||||
index 876ef2f..3c994de 100644
|
||||
--- a/docs/libnbd-security.pod
|
||||
+++ b/docs/libnbd-security.pod
|
||||
@@ -22,6 +22,12 @@ L<https://www.redhat.com/archives/libguestfs/2019-September/msg00128.html>
|
||||
See the full announcement here:
|
||||
L<https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html>
|
||||
|
||||
+=head2 CVE-2021-20286
|
||||
+denial of service when using L<nbd_set_opt_mode(3)>
|
||||
+
|
||||
+See the full announcement here:
|
||||
+L<https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html>
|
||||
+
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<libnbd(3)>.
|
||||
@@ -34,4 +40,4 @@ Richard W.M. Jones
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
-Copyright (C) 2019 Red Hat Inc.
|
||||
+Copyright (C) 2019-2021 Red Hat Inc.
|
||||
--
|
||||
2.29.0.rc2
|
||||
|
||||
@ -9,7 +9,7 @@
|
||||
|
||||
Name: libnbd
|
||||
Version: 1.7.3
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: NBD client library in userspace
|
||||
|
||||
License: LGPLv2+
|
||||
@ -35,6 +35,9 @@ Patch0005: 0005-copy-file-ops.c-Fix-page-eviction-when-len-page_size.patch
|
||||
# Upstream patch to fix nbdkit test suite.
|
||||
Patch0006: 0006-info-Let-exit-status-reflect-any-failures-during-NBD.patch
|
||||
|
||||
# Upstream patch that documents CVE-2021-20286 (already fixed in 1.7.3).
|
||||
Patch0007: 0001-security-Document-assignment-of-CVE-2021-20286.patch
|
||||
|
||||
%if 0%{patches_touch_autotools}
|
||||
BuildRequires: autoconf, automake, libtool
|
||||
%endif
|
||||
@ -311,6 +314,9 @@ make %{?_smp_mflags} check || {
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Mar 15 2021 Richard W.M. Jones <rjones@redhat.com> - 1.7.3-3
|
||||
- Update documentation for CVE-2021-20286.
|
||||
|
||||
* Thu Mar 4 2021 Richard W.M. Jones <rjones@redhat.com> - 1.7.3-2
|
||||
- Add fix for nbdkit test suite.
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user