Document the fix of leaking /dev/mapper/control to QEMU (fixed in v6.6.0-rc1-3-g2249455654). Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> --- NEWS.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index ff977968c7..8b53d21b8a 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -33,6 +33,13 @@ v6.6.0 (unreleased) * **Bug fixes** + * virdevmapper: Don't use libdevmapper to obtain dependencies + + When building domain's private ``/dev`` in a namespace, libdevmapper was + consulted for getting full dependency tree of domain's disks. However, this + meant that libdevmapper opened ``/dev/mapper/control`` which wasn't closed + and was leaked to QEMU. CVE-2020-14339 + v6.5.0 (2020-07-03) =================== -- 2.26.2
