[Libguestfs] Re: [libnbd PATCH] docs: Mention CVE-2023-5871

Point to the list archives for more details about the recent fix in commit 177308adb1. The issue is deemed low risk, but every security bug should be mentioned. Signed-off-by: Eric Blake <eblake(a)redhat.com&gt; --- The URL may change as a result of getting the list migration stable (doing another re-import to get more than 2 years of list history may impact things); I'm also trying to figure out if mailman3/hyperkitty has a way to get a shorter permalink URL under 80 columns that will point to a given message. So for now, I'll hold off on pushing this patch until we know we are ready for it. --- docs/libnbd-security.pod | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod index 216efa43..6bbd6bd8 100644 --- a/docs/libnbd-security.pod +++ b/docs/libnbd-security.pod @@ -45,6 +45,12 @@ negative size result from nbd_get_size(3) See the full announcement here: L<https://listman.redhat.com/archives/libguestfs/2023-September/032711... +=head2 CVE-2023-5871 +assertion failure for 64-bit flags passed to nbd_block_status(3) + +See the full announcement here: +L<https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/5CRC7LRTN35WPZZ4BT6NAMH4JGMF47IK/> + =head1 SEE ALSO