Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> --- NEWS.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 37f3c48d88..d791b34efb 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -11,6 +11,15 @@ For a more fine-grained view, use the `git log`_. v7.6.0 (unreleased) =================== +* **Security** + + * storage: Unlock pool objects on ACL check failures in ``storagePoolLookupByTargetPath`` (CVE-2021-3667) + + A logic bug in ``storagePoolLookupByTargetPath`` where the storage pool + object was left locked after a failure of the ACL check could potentially + deprive legitimate users access to a storage pool object by users who don't + have access. + * **New features** * qemu: Incremental backup support via ``virDomainBackupBegin`` -- 2.31.1
